MGASA-2022-0011 - Updated python-django packages fix security vulnerability

Publication date: 11 Jan 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-45115,

UserAttributeSimilarityValidator incurred significant overhead evaluating
submitted password that were artificially large in relative to the
comparison values. On the assumption that access to user registration was
unrestricted this provided a potential vector for a denial-of-service
attack. (CVE-2021-45115)
Due to leveraging the Django Template Language's variable resolution
logic, the dictsort template filter was potentially vulnerable to
information disclosure or unintended method calls, if passed a suitably
crafted key. (CVE-2021-45116) allowed directory-traversal if directly passed suitably
crafted file names. (CVE-2021-45452)


- 8/core/python-django-3.1.14-1.1.mga8