Ubuntu has issued an advisory on May 7:
https://ubuntu.com/security/notices/USN-7501-1

Upstream fix:
https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c
Status comment: (none) => Patch available from upstream and Ubuntu
CVE: (none) => CVE-2025-32873
Source RPM: (none) => python-django-4.1.13-1.3.mga9.src.rpm
Suggested advisory:
========================

The updated package fixes a security vulnerability:

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). (CVE-2025-32873)

References:
https://ubuntu.com/security/notices/USN-7501-1
========================

Updated package in core/updates_testing:
========================
python3-django-4.1.13-1.4.mga9

from SRPM:
python-django-4.1.13-1.4.mga9.src.rpm
Status comment: Patch available from upstream and Ubuntu => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 32944 Comment 3 for testing - Tx, Len.

$ django-admin startproject mysite
[tester9@mach3 django]$ tree mysite
mysite
├── manage.py
└── mysite
    ├── asgi.py
    ├── __init__.py
    ├── settings.py
    ├── urls.py
    └── wsgi.py

2 directories, 6 files
$ cd mysite/
$ python manage.py migrate
Operations to perform:
  Apply all migrations: admin, auth, contenttypes, sessions
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying auth.0012_alter_user_first_name_max_length... OK
  Applying sessions.0001_initial... OK
$ python manage.py runserver
Watching for file changes with StatReloader
Performing system checks...

System check identified no issues (0 silenced).
May 09, 2025 - 14:01:30
Django version 4.1.13, using settings 'mysite.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

I could visit the page, see its little rocket and links to documentation etc...
Good to go for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2025-0153.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED