""" CVE-2024-45230: Potential denial-of-service vulnerability in django.utils.html.urlize() urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. Thanks to MProgrammer for the report. This issue has severity "moderate" according to the Django security policy. CVE-2024-45231: Potential user email enumeration via response status on password reset Due to unhandled email sending failures, the django.contrib.auth.forms.PasswordResetForm class allowed remote attackers to enumerate user emails by issuing password reset requests and observing the outcomes. To mitigate this risk, exceptions occurring during password reset email sending are now handled and logged using the django.contrib.auth logger. Thanks to Thibaut Spriet for the report. This issue has severity "low" according to the Django security policy. """
commit 8bcd650f631d5b8a13160ca76b040b3465c09488 Author: Michał Górny <mgorny@gentoo.org> Date: Wed Sep 4 04:15:22 2024 +0200 dev-python/django: Bump to 5.1.1 Signed-off-by: Michał Górny <mgorny@gentoo.org> commit ce343ec38f26c1d6bf43bd8e2599714b9f371cc1 Author: Michał Górny <mgorny@gentoo.org> Date: Wed Sep 4 04:17:09 2024 +0200 dev-python/django: Bump to 5.0.9 Signed-off-by: Michał Górny <mgorny@gentoo.org> commit e63ec97e7ac22e15d1ce7c18bc53bc455df40fcc Author: Michał Górny <mgorny@gentoo.org> Date: Wed Sep 4 04:18:20 2024 +0200 dev-python/django: Bump to 4.2.16 Signed-off-by: Michał Górny <mgorny@gentoo.org>
cleanup done.
