-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 13 Jun 2020 15:47:14 +0100
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.10.7-2+deb9u9
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1:1.10.7-2+deb9u9) stretch-security; urgency=high
 .
   * CVE-2020-13254: Potential data leakage via malformed memcached keys.
 .
     In cases where a memcached backend does not perform key validation,
     passing malformed cache keys could result in a key collision, and
     potential data leakage. In order to avoid this vulnerability, key
     validation is added to the memcached cache backends.
 .
   * CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget.
 .
     Query parameters to the admin ForeignKeyRawIdWidget were not properly
     URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now
     ensures query parameters are correctly URL encoded.