FEDORA-2026-b9548393aa — security update for python-django5

stable

python-django5-5.2.14-1.fc42

FEDORA-2026-b9548393aa created by salimma 4 weeks ago for Fedora 42

Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
Fixes CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
Fixes CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
Fixes CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation
Fixes CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin
Fixes CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable
Fixes CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
Fixes CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
Fixes CVE-2026-25674: Potential incorrect permissions on newly created file system objects

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2026-b9548393aa

This update has been submitted for testing by salimma.

4 weeks ago

This update's test gating status has been changed to 'ignored'.

4 weeks ago

This update has been pushed to testing.

4 weeks ago

geraldosimiao provided feedback 4 weeks ago

karma

This update has been submitted for stable by bodhi.

4 weeks ago

This update has been pushed to stable.

3 weeks ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

4 weeks ago

in testing

4 weeks ago

in stable

3 weeks ago

approved

4 weeks ago

Builds

python-django5-5.2.14-1.fc42

BZ#2444117 python-django5-5.2.14 is available

python-django5-5.2.14-1.fc42

Automated Test Results

ignored