Mageia 2021-0511: python-django-filter security update
Summary
In django-filter before version 2.4.0, automatically generated 'NumberFilter'
instances, whose value was later converted to an integer, were subject to
potential DoS from malicious input using exponential format with
sufficiently large exponents.
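
The check below is an added example, not django-filter's code and not the packaged fix. It shows one way to bound a user-supplied number before converting it to an integer; the names `bounded_int`, `RejectedNumber` and the 50-digit limit are assumptions chosen for illustration.

```python
from decimal import Decimal, InvalidOperation

# Assumed bound for this example: accept at most 50 integer digits.
MAX_INTEGER_DIGITS = 50


class RejectedNumber(ValueError):
    """Raised when a query-string number must not be converted to int."""


def bounded_int(raw, max_digits=MAX_INTEGER_DIGITS):
    """Parse a user-supplied number and return it as int, refusing huge exponents.

    Decimal stores '1e1000000' as coefficient 1 and exponent 1000000, so parsing
    is cheap. The cost appears at int(), which has to materialise every digit.
    The magnitude is therefore checked on the Decimal, before any conversion.
    """
    try:
        value = Decimal(raw.strip())
    except InvalidOperation:
        raise RejectedNumber("not a number") from None

    if not value.is_finite():          # NaN, Infinity, -Infinity
        raise RejectedNumber("not a finite number")
    if value.is_zero():                # covers '0e1000000' without expanding it
        return 0

    # adjusted() is the exponent of the most significant digit, read straight
    # from the stored exponent: Decimal('1e1000000').adjusted() == 1000000.
    magnitude = value.adjusted()
    if magnitude >= max_digits:
        raise RejectedNumber("magnitude exceeds 10**%d" % max_digits)
    if magnitude < 0:                  # |value| < 1 truncates to 0
        return 0

    return int(value)                  # at most max_digits digits here
```

Applications that cannot upgrade immediately can apply a bound of this kind in their own form or filter validation, ahead of any integer conversion of the filter value.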
References
- https://bugs.mageia.org/show_bug.cgi?id=29603
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15225
Resolution
MGASA-2021-0511 - Updated python-django-filter packages fix security vulnerability
SRPMS
- 8/core/python-django-filter-2.4.0-1.mga8