[Python-modules-team] python-django_1.10.7-2+deb9u8_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Feb 19 08:49:07 GMT 2020


Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Feb 2020 10:25:11 +0000
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.10.7-2+deb9u8
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby at debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 950581
Changes:
 python-django (1:1.10.7-2+deb9u8) stretch-security; urgency=high
 .
   * CVE-2020-7471: Prevent a Potential SQL injection via StringAgg(delimiter).
     (Closes: #950581)
 .
     Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows
     SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in
     Django applications that offer downloads of data as a series of rows with a
     user-specified column delimiter). By passing a suitably crafted delimiter
     to a contrib.postgres.aggregates.StringAgg instance, it was possible to
     break escaping and inject malicious SQL.
Checksums-Sha1:
 00bec81e5c3ecfbfbe2f3a73ec54a18cdacf6b29 2804 python-django_1.10.7-2+deb9u8.dsc
 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz
 863b6c87e2d2232eb1352a4e5ce73ee0bd5d7f7e 44688 python-django_1.10.7-2+deb9u8.debian.tar.xz
 f5310b0f95fc877f7bf092f5eeb4fa89dc42c228 1515062 python-django-common_1.10.7-2+deb9u8_all.deb
 dc07d0e62143cc54c4cd4f03cdf4e259cc65b0b3 2536942 python-django-doc_1.10.7-2+deb9u8_all.deb
 145a80c1d0452c8986532eac529db0e20ad75ea0 905372 python-django_1.10.7-2+deb9u8_all.deb
 4387ce6c4adb3850bf7ebc3a92aadbcb0215c8cc 9409 python-django_1.10.7-2+deb9u8_amd64.buildinfo
 24ddd2907c9b4d4911aecdf105336c96302bf51e 886958 python3-django_1.10.7-2+deb9u8_all.deb
Checksums-Sha256:
 818d23d52146c8ca4584a8f9c7d5082278c0843c0c681195a3165e7a3cef41d1 2804 python-django_1.10.7-2+deb9u8.dsc
 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz
 4a5ea2e8f221f9ed98d47151f800a6714af622b03096e6526608eea035f97608 44688 python-django_1.10.7-2+deb9u8.debian.tar.xz
 751dbac799d1c05c0fac19a20a9057da180a55578773f42a9e6bfe26803f712e 1515062 python-django-common_1.10.7-2+deb9u8_all.deb
 a4979fed7ac26e307f2ee77b100084dbd849ec7ee42bd2c82bb649c753363795 2536942 python-django-doc_1.10.7-2+deb9u8_all.deb
 5d75d78179bc89268260f7920863e3085467b23d39a1426c35a37e278e5c9e7b 905372 python-django_1.10.7-2+deb9u8_all.deb
 de3b20debc5c5a27a640f603c0d5c3357ff14ab7625db16b5fd57a6f8cc291e9 9409 python-django_1.10.7-2+deb9u8_amd64.buildinfo
 b85dd604b7185e02f9cc054533655848bc61f8ccd173ac774fee6327bd702bad 886958 python3-django_1.10.7-2+deb9u8_all.deb
Files:
 7efdfb40740d516b00f9593a18b3e184 2804 python optional python-django_1.10.7-2+deb9u8.dsc
 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz
 a3c7f33071839a50c74a84a539cdb7bd 44688 python optional python-django_1.10.7-2+deb9u8.debian.tar.xz
 9f9add011e8ecbeb1ba0936f21792a29 1515062 python optional python-django-common_1.10.7-2+deb9u8_all.deb
 3096965d0d03c3bc0d57044df892c7d8 2536942 doc optional python-django-doc_1.10.7-2+deb9u8_all.deb
 69dee9b642ee0eeb3f667adfd1a23edd 905372 python optional python-django_1.10.7-2+deb9u8_all.deb
 a4ed0fd5a6a5567e5c5794f6db7e3e58 9409 python optional python-django_1.10.7-2+deb9u8_amd64.buildinfo
 38840459f9a0b623216986c3e6bdc259 886958 python optional python3-django_1.10.7-2+deb9u8_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5IDSQACgkQHpU+J9Qx
Hljs3BAAs3A71u8mAEq7XL7U6OGnPHto1J5ogeQbXG3cPAJFRFH8E8/dVLYFkwbc
qtQwk2qgRW2qELwQI2VTeozD7urh9OaP4T1NoJWyx+NBbm6QvoCKr+eYJABiJFrf
sPqzXclS9JYJLihr7QL3TGkOAEn76zeD6cvdtASL3x1Mfib4x06aeA/Yh6UocTCv
pEUfKtzbiRi1EwMbz9fbmmv5WCWM/wbx3DN2/veRZtjIeYTH38rm+k2QA7oG/5bf
Fs7Df6nw6QjTb/NSbWRwVggC60Q+Pt4t/SfpMu9XgwDy8pFxyZtfVIhmy/ixL4EL
+T9RCL44dqtR6KQgQcW61iEog4/NXRhFPhLpD8f8/pNTLtrww7SbpHwAbxRK0k7q
BWF6b+vboDo9U2XzT9ituHALzlAxalmdcVLU2BPdijOyyGOeVU6AW/vcpFyascTX
9MDRKb60fwv3AQ9EbT5/6mAxLApIzoteZPTVw8STfrTs+RkHYVdTZfryopFGSupm
8pJUqHF5DpSNLuhWJFo3ZL82Hk2pLI4VmqetxPDHwcL7b34fr5U7edXumUqn9GNu
+C0bjObB4H5A0GJPSbQLVOg07FtKT4E6nruJL5YKnQ2P+QWjkZqt+OXB9QJwr7K7
PXsRkMxvr2WWabTFVJcDAzhYIDkRPbojakpr5cTvFCDkrsIVyXU=
=igYA
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Python-modules-team mailing list