[Python-modules-team] python-django_1.11.28-1~deb10u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Feb 25 19:47:34 GMT 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Feb 2020 10:00:33 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.28-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby at debian.org>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 950581
Changes:
python-django (1:1.11.28-1~deb10u1) buster-security; urgency=high
.
* New upstream security release. (Closes: #950581)
<https://www.djangoproject.com/weblog/2020/feb/03/security-releases/>
.
- CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
.
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3
allows SQL Injection if untrusted data is used as a StringAgg delimiter
(e.g., in Django applications that offer downloads of data as a series of
rows with a user-specified column delimiter). By passing a suitably
crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it
was possible to break escaping and inject malicious SQL.
Checksums-Sha1:
68aff58b16ac698d772f1d208ff3b7e4d8ccebfd 3267 python-django_1.11.28-1~deb10u1.dsc
1537a67692f9f724d005631cc035d9a58648934a 7852525 python-django_1.11.28.orig.tar.gz
0aaf74684fec34304800795dfce4c38c4c2fa9e2 27456 python-django_1.11.28-1~deb10u1.debian.tar.xz
76770ff673fe837ec2bb661baf1190d8ef5685aa 1538384 python-django-common_1.11.28-1~deb10u1_all.deb
4d2baa4d8c66f3a35628c60344789c4d47894199 2645532 python-django-doc_1.11.28-1~deb10u1_all.deb
bc275075c3758ed659057adae9f1bb83ddc3dffe 917656 python-django_1.11.28-1~deb10u1_all.deb
c9307b5a4d69d3f31c860c2cea6a11a0a8b36860 8678 python-django_1.11.28-1~deb10u1_amd64.buildinfo
8d9554ac05abc114dcd6a60b6f667ed0ee42d609 917484 python3-django_1.11.28-1~deb10u1_all.deb
Checksums-Sha256:
df53495eff61862bd3dba2a95b6c7eb169cdc413acb525b531d53c3739d816c3 3267 python-django_1.11.28-1~deb10u1.dsc
b33ce35f47f745fea6b5aa3cf3f4241069803a3712d423ac748bd673a39741eb 7852525 python-django_1.11.28.orig.tar.gz
7f6ca2dceae94f9393b8bae039a4a4979a8d23b26aff818d528d116287ddc9fb 27456 python-django_1.11.28-1~deb10u1.debian.tar.xz
2ca93d4d6a12ae6953a5c41856a571b36e3152fdff07a6f45c1168b7cfc8be9e 1538384 python-django-common_1.11.28-1~deb10u1_all.deb
48c91a5ccc05f6621a90cf5b66c35c3886b6e93107d19fe4b2f79a4fd3ab22db 2645532 python-django-doc_1.11.28-1~deb10u1_all.deb
65b9375cff1c68e2216d780d23d4fdc12601175606a8360caafc2ffface1adc2 917656 python-django_1.11.28-1~deb10u1_all.deb
5f359d846ff740e9d0578782eff958894ef078c709a20391d7f11a457417ee45 8678 python-django_1.11.28-1~deb10u1_amd64.buildinfo
702b9447162c29715b6e014a939adda36dfec3f373d860e0cacbd9f5483f8be8 917484 python3-django_1.11.28-1~deb10u1_all.deb
Files:
4bab6ea2e61b6b067bb829c1368bc8f7 3267 python optional python-django_1.11.28-1~deb10u1.dsc
8a21a5148aece7f6110d6ff3a9f57652 7852525 python optional python-django_1.11.28.orig.tar.gz
a7c38bbc02b1eaf89d10a8bb852e51fa 27456 python optional python-django_1.11.28-1~deb10u1.debian.tar.xz
df07c5aef8148a3a88f5e6ad6e61a5ad 1538384 python optional python-django-common_1.11.28-1~deb10u1_all.deb
ec5d842323a6ae29dda74e34b4b80df2 2645532 doc optional python-django-doc_1.11.28-1~deb10u1_all.deb
9994ae8ef25687386a5fcc9e85daaf32 917656 python optional python-django_1.11.28-1~deb10u1_all.deb
c1dd520478b5ac657c62e285c52b84f0 8678 python optional python-django_1.11.28-1~deb10u1_amd64.buildinfo
56d81f601c692c2d10c179a8e46e159b 917484 python optional python3-django_1.11.28-1~deb10u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5HufcACgkQHpU+J9Qx
HlhPSg/+MKd8OxXFA7vQ6dzMUOD3dItGDZKx88gJANS/jlQQ2gnkWZ57j/7LbR46
bY1DWQU1AabDxMQLnlDWY0t0dQlwyxb7xm9HrSDBdHDtxEKOq0horC7yljLUNjuv
sAR4Xx7N1rU+tDsE7/L3GWAZTC7P5jKrx3rqavCh4Xl/KmGPqxSjNJrurixfAnjo
HdtbxiwAvuCpiFNFFusdB4sk7TBkahegin6VOZgWaNGfpoZsIsMBhAMeyCkVE1vc
t1K35ZNX5ijAr5tnPkLkhIMcJUpny1IbANAOWDeKxo4+dqeX4voVGU56BNOs3a9l
jwKjYe81OaiQKh5paq7eX95EgwPlZB7OmCO/biYwqtsv5D1xQqJr/sjBeIzHlxwD
RUp26ENyEnPH+wSV91vpV7E529bQiPC4jHH2yNiv/j0A8bOXZ1FZgXavdizG731f
uw2jehTlmxDm7ZLvuaNReEu+gAVJki055Q0Vcfm39KTxi6SCIgbuxIlblI7RKWtm
y1opGV9orSrN/LwUeR6vuiQYd+GzBJLPYoO5tyoX57M2PMq01B79VOVtqRlZYl1/
xKA6HFLp5G/ewtd+7pTGe/osKpn+Fkd0Y9YKOfIOfv3ODvx/q8YfSCds2QirdJDk
/d6Rm+dUXuuOuvm0ge3FyfInWfA+XDogmR0WrIZtAmev+rzNjhA=
=t4TZ
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Python-modules-team
mailing list