stable

python-django5-5.2.11-1.fc42

FEDORA-2026-00b5bf3150 created by salimma 4 months ago for Fedora 42
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
  • Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
  • Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-00b5bf3150

This update has been submitted for testing by salimma.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
4 months ago
approved
4 months ago
Builds
1
python-django5-5.2.11-1.fc42
BZ#2427483 python-django5-5.2.11 is available
0
0
BZ#2436695 CVE-2025-14550 python-django5: Django: Denial of Service via crafted request with duplicate headers [fedora-42]
0
0
BZ#2436699 CVE-2026-1312 python-django5: Django: SQL injection via crafted column aliases in QuerySet.order_by() [fedora-42]
0
0
BZ#2436709 CVE-2026-1285 python-django5: Django: Denial of Service via crafted HTML inputs [fedora-42]
0
0
BZ#2436714 CVE-2026-1287 python-django5: Django: SQL Injection via crafted column aliases [fedora-42]
0
0
BZ#2436716 CVE-2026-1207 python-django5: Django: SQL Injection via RasterField band index parameter [fedora-42]
0
0
python-django5-5.2.11-1.fc42

Automated Test Results

Copyright © 2007-2026 Red Hat, Inc. and others.

Running bodhi-server 26.4.0 on bodhi-web-79764b86cc-rw46h.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy