Request 1189777: Incident python-Django.openSUSE_Backports_SLE-15-SP5_Update - openSUSE Build Service

Overview

Request 1189777 accepted

- Add fix-cve-2023-23969.patch (CVE-2023-23969, bsc#1207565)
* CVE-2023-23969: Potential denial-of-service via
Accept-Language headers
- Add CVE-2024-38875.patch (CVE-2024-38875, bsc#1227590)
* CVE-2024-38875: Potential denial-of-service attack via
certain inputs with a very large number of brackets
- Add CVE-2024-39329.patch (CVE-2024-39329, bsc#1227593)
* CVE-2024-39329: Username enumeration through timing difference
for users with unusable passwords
- Add CVE-2024-39330.patch (CVE-2024-39330, bsc#1227594)
* CVE-2024-39330: Potential directory traversal in
django.core.files.storage.Storage.save()
- Add CVE-2024-39614.patch (CVE-2024-39614, bsc#1227595)
* CVE-2024-39614: Potential denial-of-service through
django.utils.translation.get_supported_language-variant()

Created by nkrapp 4 months ago
In state accepted

Incident python-Django.openSUSE_Backports_SLE-15-SP5_Update

Comments for request 1189777 0

Login required, please login in order to comment

Request History

nkrapp created request 4 months ago

- Add fix-cve-2023-23969.patch (CVE-2023-23969, bsc#1207565)
* CVE-2023-23969: Potential denial-of-service via
Accept-Language headers
- Add CVE-2024-38875.patch (CVE-2024-38875, bsc#1227590)
* CVE-2024-38875: Potential denial-of-service attack via
certain inputs with a very large number of brackets
- Add CVE-2024-39329.patch (CVE-2024-39329, bsc#1227593)
* CVE-2024-39329: Username enumeration through timing difference
for users with unusable passwords
- Add CVE-2024-39330.patch (CVE-2024-39330, bsc#1227594)
* CVE-2024-39330: Potential directory traversal in
django.core.files.storage.Storage.save()
- Add CVE-2024-39614.patch (CVE-2024-39614, bsc#1227595)
* CVE-2024-39614: Potential denial-of-service through
django.utils.translation.get_supported_language-variant()

factory-auto accepted review 4 months ago

Check script succeeded

licensedigger accepted review 4 months ago

ok

maintbot added python-Django as a reviewer 4 months ago

Submission for python-Django by someone who is not maintainer in the devel project (devel:languages:python:django). Please review

maintbot accepted review 4 months ago

ok

mcalabkova accepted review 4 months ago

good point, you should have the rights

mcalabkova approved review 4 months ago

good point, you should have the rights

msmeissn moved maintenance target to openSUSE:Maintenance:18497 4 months ago

msmeissn accepted request 4 months ago

accepted request 1189777:Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance

openSUSE Build Service is sponsored by