[Python-modules-team] python-django_1.11.29-1~deb10u1_amd64.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Jun 18 10:04:01 BST 2020 

Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jun 2020 12:15:26 +0100
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.29-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby at debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1:1.11.29-1~deb10u1) buster-security; urgency=high
 .
   * New upstream security release (postponed from March 2020):
 .
     - CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
       functions and aggregates on Oracle
 .
     Note that Django 1.11.x left upstream's extended security support on April
     1st 2020. For more information, please see:
 .
       https://www.djangoproject.com/download/
 .
   * This upload also fixes the following security issues:
 .
     - CVE-2020-13254: Potential a data leakage via malformed memcached keys.
 .
       In cases where a memcached backend does not perform key validation,
       passing malformed cache keys could result in a key collision, and
       potential data leakage. In order to avoid this vulnerability, key
       validation is added to the memcached cache backends.
 .
     - CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget.
 .
       Query parameters to the admin ForeignKeyRawIdWidget were not properly URL
       encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures
       query parameters are correctly URL encoded.
Checksums-Sha1:
 8099277f133478f57fa4d3a56894c51f18d0e431 3267 python-django_1.11.29-1~deb10u1.dsc
 e71620c18c985d8f5381bd87c02dbd23f1f48dd0 7977916 python-django_1.11.29.orig.tar.gz
 0be19435ba5e5a0bdef027b611c4b352029a110d 29564 python-django_1.11.29-1~deb10u1.debian.tar.xz
 a9689f9f48d40477b00a8ac188131be079de8c52 1538668 python-django-common_1.11.29-1~deb10u1_all.deb
 22cff9c0e2698a0d74677a4f2177d98867c7d069 2646328 python-django-doc_1.11.29-1~deb10u1_all.deb
 9394067bf4ea170bf6a66a9f05b8d101d13c64e4 918180 python-django_1.11.29-1~deb10u1_all.deb
 89f7dca50b6662159b1ffcf371fc03642dcdab16 8652 python-django_1.11.29-1~deb10u1_amd64.buildinfo
 65852358a5a848d8cf5d088bdd4fd20ae4538219 917944 python3-django_1.11.29-1~deb10u1_all.deb
Checksums-Sha256:
 e591a8d537a1ff724e16d3778b720883acb2f09e700e40386b99a77cfc21e369 3267 python-django_1.11.29-1~deb10u1.dsc
 4200aefb6678019a0acf0005cd14cfce3a5e6b9b90d06145fcdd2e474ad4329c 7977916 python-django_1.11.29.orig.tar.gz
 33c1e149568e0eb2a769a54c12099a7083d8300b0bdf9ddfa8f99bbe9333bb1c 29564 python-django_1.11.29-1~deb10u1.debian.tar.xz
 89b2371720b8032029d634838dda691d6292dfb157cb6ccf1d7ae5ab33d3172f 1538668 python-django-common_1.11.29-1~deb10u1_all.deb
 65e6066e2dab99d145cec51098c5415a0b4b8a4e476f7d13a4c95aa2fe16fa8f 2646328 python-django-doc_1.11.29-1~deb10u1_all.deb
 45778d0a9f0b5ca3435dc941dcc18050199e7fa05d40397397b9feeb25fda584 918180 python-django_1.11.29-1~deb10u1_all.deb
 4babda32db0a8e752dd8c0f9785393d81146fe024f93e07412d6894e46da8043 8652 python-django_1.11.29-1~deb10u1_amd64.buildinfo
 4e356b9800abc3ce2fc2fd42d60b77c7de543ccbfc1ea4b84c9ce036e3668664 917944 python3-django_1.11.29-1~deb10u1_all.deb
Files:
 49fa1856f18fd46ea68fb83157c88d48 3267 python optional python-django_1.11.29-1~deb10u1.dsc
 e725953dfc63ea9e3b5b0898a8027bd7 7977916 python optional python-django_1.11.29.orig.tar.gz
 55af0eda9524311adc67cac75485df9b 29564 python optional python-django_1.11.29-1~deb10u1.debian.tar.xz
 fac49e12597bae601ef8b87528b345a0 1538668 python optional python-django-common_1.11.29-1~deb10u1_all.deb
 207429b2cf68c9dfcb1e9720cf2b561c 2646328 doc optional python-django-doc_1.11.29-1~deb10u1_all.deb
 b2eb279f13d2302d1f9d837ce9e438cf 918180 python optional python-django_1.11.29-1~deb10u1_all.deb
 48718377368dd6c0f390f3cf55751ef7 8652 python optional python-django_1.11.29-1~deb10u1_amd64.buildinfo
 de6cb52261dee18d787b34f2d3f3d0c6 917944 python optional python3-django_1.11.29-1~deb10u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7p99QACgkQHpU+J9Qx
HljT2w/+MrFGendzaZJdGd4utykEGGUOhLfMJh5xjOCkGUriWbdYnuGNzR+wTLnc
MiayQZBrQolp190jgic9YoIkul82yTNnuP8pRe30ljWWg9PM3aq4KTTHE0ApTWdm
AMwfc3vp9oxpqtLv5NN9vcrizNAwpPVlEIdLwfMR+ccKKbCDLNjGJUt+jWqCZ/gc
waf3BLr7EOYkfoKk2l57DAil1JaBzerhYwdjqDkww96+GiWGq4a8SFZDsDYoqyPm
oo23yaZ3aahdM+xV0BFLSyV8GZ2ON+i80d2WPMlC3xPMOglLuEwocDOeeMKq+kit
v502zJmkCVT1BSn4oWXfjgJ9o9yGHsSvsNA94Qfa7enkko5HFKVHamkw9QgVFR4r
Z/QHuwl5UC1DZCDkUCl96UVgsxYcTnauvzzW8c3Jb2mjE5B0O2xI7lz+1Bq1aLzA
zxb3anOjPJvN558nzKJGOW5jw+QAHHX6zkOqmWyd/t/vNe2Nh37QOLMqWa63ruaV
9dH1kd8btikhQ8F1iZEaKxpW/YhZ5THow3vB5oYxJdXhoQ1jSP8SpqEJ7RhB/7rA
5ugfzAffPEWq0CtOKaVllv+OnPSow50WHtZ3JF7ihtgmSGib/meZkEGGhpG4KSL+
dtkyzbzn9vBmYlb2L8HaTydKz5lBPTJqrxNQ4QvW31CHYa/al7k=
=mU6R
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the Python-modules-team mailing list