FEDORA-2026-9b7a6474a1 — security update for python-django5

stable

python-django5-5.2.14-1.fc44

FEDORA-2026-9b7a6474a1 created by salimma a month ago for Fedora 44

Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
Fixes CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
Fixes CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
Fixes CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation
Fixes CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin
Fixes CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable
Fixes CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
Fixes CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
Fixes CVE-2026-25674: Potential incorrect permissions on newly created file system objects

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-9b7a6474a1

This update has been submitted for testing by salimma.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been pushed to testing.

a month ago

This update has been submitted for stable by bodhi.

3 weeks ago

This update has been pushed to stable.

3 weeks ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a month ago

in testing

a month ago

in stable

3 weeks ago

approved

3 weeks ago

Builds

python-django5-5.2.14-1.fc44

BZ#2444117 python-django5-5.2.14 is available

python-django5-5.2.14-1.fc44

Automated Test Results

ignored