ALT Linux Team

Package python3-module-django update in sisyphus on 2025-04-18

ALT-PU-2025-5669-2

Package python3-module-django updated to version 5.1.8-alt1 for branch sisyphus in task 381812.

Closed vulnerabilities

Published: 2025-04-02
Modified: 2025-04-03

CVE-2025-27556

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top