
A python-django security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address a potential Denial of Service (DoS) vulnerability.



ELA-791-1 python-django security update

Package : python-django
Version : 1.7.11-1+deb8u16 (jessie), 1:1.10.7-2+deb9u19 (stretch)

Related CVEs :
CVE-2023-23969

It was discovered that there was a potential Denial of Service (DoS)
vulnerability in Django, a popular Python-based web development framework.
Parsed values of the Accept-Language HTTP headers are cached by Django in order to
avoid repetitive parsing. This could have led to a potential denial-of-service
attack via excessive memory usage if the raw value of Accept-Language headers
was very large.
Accept-Language headers are now limited to a maximum length specifically in
order to avoid this issue.
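
The effect described above, as an added example that is not Django's code and not part of the advisory: an LRU cache keyed on the header value bounds the number of entries but not their size, so a length cap applied before the cache lookup is what bounds memory. The parser, the class and function names, the 1000-entry and 500-character limits and the sample headers are all assumptions constructed for this illustration.

```python
from collections import OrderedDict

def parse_accept_language(value):
    """Return ((lang, q), ...) by descending q; malformed ranges are skipped."""
    ranges = []
    for piece in value.lower().split(","):
        lang, _, param = (s.strip() for s in piece.partition(";"))
        q = 1.0
        if param:
            try:
                q = float(param[2:]) if param.startswith("q=") else -1.0
            except ValueError:
                q = -1.0
        if lang and 0 <= q <= 1:
            ranges.append((lang, q))
    return tuple(sorted(ranges, key=lambda r: r[1], reverse=True))

class AcceptLanguageCache:
    """LRU cache keyed on the header value; max_len=None models the uncapped case."""
    def __init__(self, max_entries, max_len=None):
        self.max_entries, self.max_len = max_entries, max_len
        self._entries = OrderedDict()

    def _bounded(self, raw):
        if self.max_len is None or len(raw) <= self.max_len:
            return raw
        # Cut at the last comma inside the limit so no language range is split.
        cut = raw.rfind(",", 0, self.max_len)
        return raw[:cut] if cut > 0 else ""

    def lookup(self, raw):
        key = self._bounded(raw)
        if key in self._entries:
            self._entries.move_to_end(key)
            return self._entries[key]
        parsed = self._entries[key] = parse_accept_language(key)
        if len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict least recently used
        return parsed

    def retained_key_chars(self):
        return sum(len(k) for k in self._entries)

def compare(max_entries=1000, max_len=500):
    # The 1000-entry and 500-character limits are assumed values for this example.
    # Constructed sample input: 20 distinct values, each about 5 kB long.
    sample = [f"de,en;q=0.{i % 9 + 1}," + "x" * 5000 + str(i) for i in range(20)]
    caches = (AcceptLanguageCache(max_entries), AcceptLanguageCache(max_entries, max_len))
    for cache in caches:
        for raw in sample:
            cache.lookup(raw)
    return tuple(c.retained_key_chars() for c in caches)
```

`compare()` returns the characters held as cache keys without and with the length cap, for the same input.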
