ALT-BU-2024-15709-1
Branch sisyphus_loongarch64 update bulletin.
Package gnome-icon-theme updated to version 3.12.0-alt1.2 for branch sisyphus_loongarch64.
Closed bugs
The default selected gnome theme does not inherit from hicolor
Package python3-module-django updated to version 5.0.9-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-06269
Vulnerability in the QuerySet.values() and values_list() methods of JSONField models in the Django web application framework, allowing an attacker to execute arbitrary code
BDU:2024-06736
Vulnerability in the django.utils.html.urlize function of the Django web application framework, allowing an attacker to cause a denial of service
BDU:2024-07072
Vulnerability in the django.utils.html.urlize() function of the Django web application framework, allowing an attacker to cause a denial of service
BDU:2024-07073
Vulnerability in the django.utils.numberformat.floatformat() function of the Django web application framework, allowing an attacker to cause a denial of service
BDU:2024-07074
Vulnerability in the django.utils.html.urlize() function of the Django web application framework, allowing an attacker to cause a denial of service
Modified: 2025-03-14
CVE-2024-41989
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
Modified: 2024-08-07
CVE-2024-41990
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Modified: 2024-08-07
CVE-2024-41991
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Modified: 2024-10-23
CVE-2024-42005
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Modified: 2025-03-17
CVE-2024-45230
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Modified: 2025-03-17
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
Package lorem updated to version 1.4-alt2 for branch sisyphus_loongarch64.
Closed bugs
Optimize the dependency list (BuildRequires) | Errors in the spec file
Package netsleuth updated to version 1.0.4-alt2 for branch sisyphus_loongarch64.
Closed bugs
Optimize the dependency list (BuildRequires) | Errors in the spec file
Package elastic updated to version 0.1.6-alt2 for branch sisyphus_loongarch64.
Closed bugs
Optimize the dependency list (BuildRequires)
Package python3-module-nltk updated to version 3.9.1-alt2 for branch sisyphus_loongarch64.
Closed bugs
Resource wordnet not found