-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jun 2020 12:15:26 +0100
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.29-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1:1.11.29-1~deb10u1) buster-security; urgency=high
 .
   * New upstream security release (postponed from March 2020):
 .
     - CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
       functions and aggregates on Oracle
 .
     Note that Django 1.11.x left upstream's extended security support on
     April 1st 2020. For more information, please see:
 .
       https://www.djangoproject.com/download/
 .
   * This upload also fixes the following security issues:
 .
     - CVE-2020-13254: Potential data leakage via malformed memcached keys.
 .
       In cases where a memcached backend does not perform key validation,
       passing malformed cache keys could result in a key collision, and
       potential data leakage. In order to avoid this vulnerability, key
       validation is added to the memcached cache backends.
 .
     - CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget.
 .
       Query parameters to the admin ForeignKeyRawIdWidget were not properly
       URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now
       ensures query parameters are correctly URL encoded.