MGASA-2021-0511 - Updated python-django-filter packages fix security vulnerability

Publication date: 18 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0511.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-15225

In django-filter before version 2.4.0, automatically generated 'NumberFilter'
instances, whose value was later converted to an integer, were subject to
potential DoS from maliciously input using exponential format with
sufficiently large exponents.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29603
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15225

SRPMS:
- 8/core/python-django-filter-2.4.0-1.mga8