-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Aug 2024 12:08:24 +0100
Source: python-django
Architecture: source
Version: 3:3.2.19-1+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Closes: 1076069 1078074
Changes:
 python-django (3:3.2.19-1+deb12u2) bookworm; urgency=high
 .
   * Rename CVE-2023-36053.patch to 0014-CVE-2023-36053.patch
   * Backport upstream fixes in 3:4.2.14-1:
     * Closes: #1076069
     * CVE-2024-39329: Standardize timing of verify_password() when
       checking unusable passwords.
     * CVE-2024-39330: Add extra file name validation in Storage's save
       method.
     * CVE-2024-39614: Mitigate potential DoS in
       get_supported_language_variant.
     * The patch for CVE-2024-38875 won't sensibly backport.
   * Backport upstream fixes in 3:4.2.15-1:
     * Closes: #1078074
     * CVE-2024-41989: Prevent excessive memory consumption in floatformat.
     * CVE-2024-41991: Prevent potential ReDoS in django.utils.html.urlize()
       and AdminURLFieldWidget.
     * CVE-2024-42005: Mitigate QuerySet.values() SQL injection attacks against JSON fields
       Backport and tweak the upstream fix series to fit into 3.2.
     * The patch for CVE-2024-41990 won't sensibly backport.
Checksums-Sha1:
df8a6b32878dc0bfad9dbb2c01848fed26b51af9 2864 python-django_3.2.19-1+deb12u2.dsc
c172c32184f8dd1e3fa9d5373fd2d3d93181bc5e 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz
80c61eae4d36cdc38999c6ac345d3626dfe7b201 14089 python-django_3.2.19-1+deb12u2_source.buildinfo
Checksums-Sha256:
6965317a38ababa6ecac1d731c5c5eb7c186e59906da4013300a8a0bf3cc7809 2864 python-django_3.2.19-1+deb12u2.dsc
6bc87771c69baa09c64b2ca7918470f55a12f4fcbab0f30b004a8b383bc2e11b 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz
34f194b448ee46fcf03e7db7cd3c47dd04ce8a632fb90dd72def44eb6b601e63 14089 python-django_3.2.19-1+deb12u2_source.buildinfo
Files:
8cd1dd7e7b430b871d74936f4bc51a3f 2864 python optional python-django_3.2.19-1+deb12u2.dsc
7877957da3f282b1dce79bbdc1b90df7 48884 python optional python-django_3.2.19-1+deb12u2.debian.tar.xz
b63403ce4e5576491f3d3e61ba688a63 14089 python optional python-django_3.2.19-1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----