USN-4932-2: Django vulnerability
13 May 2021
Django could be made to overwrite files.
- python-django - High-level Python web development framework
USN-4932-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Django incorrectly handled certain
filenames. A remote attacker could possibly use this issue to create or
overwrite files in unexpected directories.
The problem can be corrected by updating your system to the following package versions:
- python-django - 1.6.11-0ubuntu1.3+esm3
In general, a standard system update will make all the necessary changes.
- USN-4932-1: python-django-common, python-django, python3-django, python-django-doc