-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 19 Feb 2021 09:22:37 +0000 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 2:2.2.19-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 983090 Changes: python-django (2:2.2.19-1) unstable; urgency=medium . * New upstream security release: . - CVE-2021-23336: Prevent a web cache poisoning attack via "parameter cloaking". Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ";" as a query parameter separator by default. (Closes: #983090) . <https://www.djangoproject.com/weblog/2021/feb/19/security-releases/> . * Refresh patches. Checksums-Sha1: 728018e909533316b33ed8e6278c792f5d87812b 2779 python-django_2.2.19-1.dsc 7aef80dd858d268cc7dc15e8f3b5a43a5252edda 9209434 python-django_2.2.19.orig.tar.gz 45405f991e272a0c695cfcd6b7f30614b36e33b5 26688 python-django_2.2.19-1.debian.tar.xz ddc31f0b82cd9ef7a33f72328c3bf2d174cb503c 7733 python-django_2.2.19-1_amd64.buildinfo Checksums-Sha256: 4649c16beea3783fa53f4b4f1eb0620f73b7276fc79899ea970ddcfe7fb362cb 2779 python-django_2.2.19-1.dsc 30c235dec87e05667597e339f194c9fed6c855bda637266ceee891bf9093da43 9209434 python-django_2.2.19.orig.tar.gz bab52b16468262f9d2d5df8d76a5509a65f5e11f1ca72485a7bd231a024f72bc 26688 python-django_2.2.19-1.debian.tar.xz 503bedca8df9aa93173ce72b2a3d130cc05a7eb6ee5c391b54b00703da6df847 7733 python-django_2.2.19-1_amd64.buildinfo Files: d1c10b445609e45c6cdd6396c8405e98 2779 python optional python-django_2.2.19-1.dsc adecf675c2af9dab8ed65246963718d4 9209434 python optional python-django_2.2.19.orig.tar.gz b91fc9d32c8ef57e92e3022a95297491 26688 python optional python-django_2.2.19-1.debian.tar.xz eb900b8b044826d643a4f0790c1f659f 7733 python optional python-django_2.2.19-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmAvhCwACgkQHpU+J9Qx HliaehAAsrge8xjJucziOUNJFeEsOnB5VS0sZfOho9BpbefWJvMsacnmiG7k63GJ IuiCpq/CKb0+/5Gjv3JUcRSfrEYoU6SF1VgLs977Odlo7mFqzrXur1v/8IqyiY4X 9DtUF542MKhGgaJdthrqcPi/Ia7l/nbKKEqCQgzbXLju0hBnkusei6c/X1rkJTWV uMru/hy84+TFipadHTow/A2WciUE70QIS9j1Ph6WaGDu1azNzNVqvPytr1kGOQs8 YEzi/zLU8ooIOW+jNhnYbuO1I55QJ8efL5VSlcDX9kW33QaMdPgZt+ozLsGWJpR7 xZxDMvl0QmmNi1Vwyt035ToCsaXO4UXkYjo4JkMXy0p6HVxrv0Ui5frWmPKI1zNG wM5llDPqM554gi4/IcsGUbDohXKNDtV9EUMQXssaNTVGOFPZMpodWJ4vVnJ9CSc+ 1wyUsfUt+S8wF3DGzM7FaQLEgwFLf9cCGKNTxzxBkBoRcIyC/andxkcxy2fOaVMB NYc62ghMPHHt+NBWQDABoN/fF02I0O3Kcx6kNjbTXo0fGAy5iGKBwgDCbrgbLIvT +hDnJdjq4XGxIyrQqXzqjuUsJHljN6cn5kxksMnf7IBJhr9owAHvDLI2k13jPKOi Am/ubTWSQEW0g4oshQtT1ZpzN/XRspPsuBgxvsA56wqmj+gFiLY= =7+Rl -----END PGP SIGNATURE-----