@@ -36,6 +36,46 @@ Issues under Django's security process
3636All security issues have been handled under versions of Django's security
3737process. These are listed below.
3838
39+ August 6, 2024 - :cve:`2024-42005`
40+ ----------------------------------
41+
42+ Potential SQL injection in ``QuerySet.values()`` and ``values_list()``.
43+ `Full description
44+ <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__
45+
46+ * Django 5.0 :commit:`(patch) <32ebcbf2e1fe3e5ba79a6554a167efce81f7422d>`
47+ * Django 4.2 :commit:`(patch) <f4af67b9b41e0f4c117a8741da3abbd1c869ab28>`
48+
49+ August 6, 2024 - :cve:`2024-41991`
50+ ----------------------------------
51+
52+ Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and
53+ ``AdminURLFieldWidget``. `Full description
54+ <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__
55+
56+ * Django 5.0 :commit:`(patch) <523da8771bce321023f490f70d71a9e973ddc927>`
57+ * Django 4.2 :commit:`(patch) <efea1ef7e2190e3f77ca0651b5458297bc0f6a9f>`
58+
59+ August 6, 2024 - :cve:`2024-41990`
60+ ----------------------------------
61+
62+ Potential denial-of-service vulnerability in ``django.utils.html.urlize()``.
63+ `Full description
64+ <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__
65+
66+ * Django 5.0 :commit:`(patch) <7b7b909579c8311c140c89b8a9431bf537febf93>`
67+ * Django 4.2 :commit:`(patch) <d0a82e26a74940bf0c78204933c3bdd6a283eb88>`
68+
69+ August 6, 2024 - :cve:`2024-41989`
70+ ----------------------------------
71+
72+ Potential memory exhaustion in ``django.utils.numberformat.floatformat()``.
73+ `Full description
74+ <https://www.djangoproject.com/weblog/2024/aug/06/security-releases/>`__
75+
76+ * Django 5.0 :commit:`(patch) <27900fe56f3d3cabb4aeb6ccb82f92bab29073a8>`
77+ * Django 4.2 :commit:`(patch) <fc76660f589ac07e45e9cd34ccb8087aeb11904b>`
78+
3979July 9, 2024 - :cve:`2024-39614`
4080--------------------------------
4181
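Review bot: In the CVE-2024-42005 summary (new line 42), ``values_list()`` is written without the ``QuerySet.`` qualifier that ``QuerySet.values()`` carries in the same sentence. Suggest "Potential SQL injection in ``QuerySet.values()`` and ``QuerySet.values_list()``." so both names read as methods of the same class. Separately, the summaries for CVE-2024-41991 and CVE-2024-41990 (new lines 52-53 and 62) both open with "Potential denial-of-service vulnerability in ``django.utils.html.urlize()``" and point at the same "Full description" URL, so only the ``AdminURLFieldWidget`` mention tells them apart. If the linked announcement distinguishes the two inputs or code paths, a few words from it in each summary would make the archive entries distinguishable without following the link.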