Your message dated Thu, 06 Mar 2025 21:20:56 +0000
with message-id <e1tqieg-00eutf...@fasolo.debian.org>
and subject line Bug#1099682: fixed in python-django 3:4.2.20-1
has caused the Debian Bug report #1099682,
regarding python-django: CVE-2025-26699
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1099682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 2:2.2.28-1~deb11u5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django.

    CVE-2025-26699 [0]: Potential denial-of-service in
    django.utils.text.wrap()

    The django.utils.text.wrap() and wordwrap template filter were
    subject to a potential denial-of-service attack when used with
    very long strings.

    Thanks to sw0rd1ight for the report.

    This issue has severity "moderate" according to the Django
    security policy.

      — <https://www.djangoproject.com/weblog/2025/mar/06/security-releases/>


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-26699
    https://www.cve.org/CVERecord?id=CVE-2025-26699


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:4.2.20-1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1099...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Thu, 06 Mar 2025 17:55:06 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.20-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1099682
Changes:
 python-django (3:4.2.20-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2025-26699: Address a potential denial-of-service in
       django.utils.text.wrap. The wrap() method and wordwrap template filter
       were subject to a potential denial-of-service attack when used with very
       long strings. (Closes: #1099682)
 .
     <https://www.djangoproject.com/weblog/2025/mar/06/security-releases/>




--- End Message ---
