USN-7136-2: Django vulnerability
USN-7136-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
jiangniao discovered that Django incorrectly handled the API to strip
tags. A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service. (CVE-2024-53907)
Seokchan Yoon discovered that Django incorrectly handled HasKey lookups
when using Oracle. A remote attacker could possibly use this issue to
inject arbitrary SQL code. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2024-53908)