| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-disable-sources-in-sphinxdoc.diff | Disable creation of _sources directory by Sphinx We do this to save some space as the sources of the documentation are not really useful in a binary package. . This is a Debian specific patch. |
=?utf-8?q?Rapha=C3=ABl_Hertzog?= <hertzog@debian.org> | not-needed | vendor | 2015-10-11 | |
| 0002-use_debian_geoip_database_as_default.diff | Use Debian GeoIP database path as default Default to Debian standard path for GeoIP directory and for GeoIP city file. Avoids the need to declare them in each project. . This is a Debian specific patch. |
Tapio Rantala <tapio.rantala@iki.fi> | not-needed | debian | 2015-10-11 | |
| 0004-Use-locally-installed-documentation-sources.patch | Use locally installed documentation sources | Brian May <bam@debian.org> | no | 2017-06-24 | ||
| 0004-Set-the-default-shebang-to-new-projects-to-use-Pytho.patch | Set the default shebang to new projects to use Python 3. | Chris Lamb <lamby@debian.org> | no | 2017-09-24 | ||
| 0005-Use-usr-bin-env-python3-shebang-for-django-admin.py.patch | Use #!/usr/bin/env python3 shebang for django-admin.py. | Chris Lamb <lamby@debian.org> | no | 2017-09-26 | ||
| 0006-Moved-RequestSite-import-to-the-toplevel.patch | Moved RequestSite import to the toplevel. Via https://github.com/django/django/commit/78163d1ac4407d59bfc5fdf1f84f2dbbb2ed3443 |
Claude Paroz <claude@2xlibre.net> | no | 2021-11-11 | ||
| 0007-fix-url-validator.patch | Fixed URLValidator crash in some edge cases | Pedro Schlickmann Mendes <windowsxpedro@gmail.com> | yes | upstream | upstream, https://github.com/django/django/commit/e8b4feddc34ffe5759ec21da8fa027e86e653f1c | 2021-12-15 |
| CVE-2022-34265.patch | [PATCH] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. Thanks Takuto Yoshikai (Aeye Security Lab) for the report. |
Mariusz Felisiak <felisiak.mariusz@gmail.com> | no | 2022-06-22 | ||
| CVE-2022-36359.patch | [PATCH] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. Thanks to Motoyasu Saburi for the report. |
Carlton Gibson <carlton.gibson@noumenal.es> | no | 2022-07-20 | ||
| CVE-2022-41323.patch | [PATCH] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. Thanks to Benjamin Balder Bach for the report. |
Adam Johnson <me@adamj.eu> | no | 2022-09-02 | ||
| CVE-2023-36053.patch | [PATCH] [3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. Thanks Seokchan Yoon for reports. |
Mariusz Felisiak <felisiak.mariusz@gmail.com> | no | 2023-06-14 | ||
| CVE-2023-31047.patch | [PATCH] [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. Thanks Moataz Al-Sharida and nawaik for reports. |
Mariusz Felisiak <felisiak.mariusz@gmail.com> | no | 2023-04-13 | ||
| CVE-2023-24580.patch | [PATCH] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. Thanks to Jakob Ackermann for the report. |
Markus Holtermann <info@markusholtermann.eu> | no | 2022-12-13 | ||
| CVE-2023-23969.patch | [PATCH] [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Accept-Language headers are now limited to a maximum length in order to avoid this issue. |
Nick Pope <nick@nickpope.me.uk> | no | 2023-01-25 |