Format: 1.8
Date: Mon, 01 Feb 2021 11:59:58 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:2.2.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 981562
Changes:
 python-django (2:2.2.18-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-3281: Potential directory-traversal via archive.extract().
 .
       The django.utils.archive.extract() function, used by startapp
       --template and startproject --template, allowed directory-traversal
       via an archive with absolute paths or relative paths with dot
       segments. (Closes: #981562)
 .
       <https://www.djangoproject.com/weblog/2021/feb/01/security-releases/>
 .
   * Drop 0006-Fixed-31850-Fixed-BasicExtractorTests.test_extractio.patch;
     applied upstream.