-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 22 Feb 2021 10:10:28 +0000 Source: python-django Binary: python-django-doc python3-django Built-For-Profiles: nocheck Architecture: source all Version: 2:2.2.19-1~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework Closes: 983090 Changes: python-django (2:2.2.19-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . python-django (2:2.2.19-1) unstable; urgency=medium . * New upstream security release: . - CVE-2021-23336: Prevent a web cache poisoning attack via "parameter cloaking". Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ";" as a query parameter separator by default. (Closes: #983090) . <https://www.djangoproject.com/weblog/2021/feb/19/security-releases/> . * Refresh patches. Checksums-Sha1: 38d55d65b6ba4df8d48592bbe8734787c21c611e 2847 python-django_2.2.19-1~bpo10+1.dsc 7aef80dd858d268cc7dc15e8f3b5a43a5252edda 9209434 python-django_2.2.19.orig.tar.gz 75bea0891a007f362a05979e6683f4aa205b5d09 26872 python-django_2.2.19-1~bpo10+1.debian.tar.xz 88a475b0a6f2222b8d75e828e8cf81a6e5e441a9 3107160 python-django-doc_2.2.19-1~bpo10+1_all.deb 12343b944ad603adb52331fee6ba2aee5e9dc4d2 7698 python-django_2.2.19-1~bpo10+1_amd64.buildinfo 710a882b657df5db1b0fe8e81dbfed007b1d3a78 2680764 python3-django_2.2.19-1~bpo10+1_all.deb Checksums-Sha256: d527d7270238512624d2d727f98773b5d7265c879d29078ec8d7cbd62d76825c 2847 python-django_2.2.19-1~bpo10+1.dsc 30c235dec87e05667597e339f194c9fed6c855bda637266ceee891bf9093da43 9209434 python-django_2.2.19.orig.tar.gz 926a963f9415c601b85e0bba228a061bc7382eb9a7adc906cb472382cd69911a 26872 python-django_2.2.19-1~bpo10+1.debian.tar.xz 51a4257582d4c91944e5c063c19ace93d1d3042c2bebb05d6ff862f22430616a 3107160 python-django-doc_2.2.19-1~bpo10+1_all.deb 040a87d4598caba56e4f1062e81ac7c5910e7f8e0fa832b228ac88c7424272ce 7698 python-django_2.2.19-1~bpo10+1_amd64.buildinfo 096a96e0c432bcc85dc16a707830513f39b6880f3a8b1cd0717cea503a2543c4 2680764 python3-django_2.2.19-1~bpo10+1_all.deb Files: 964d35cf3ed83035c682ce4cb5e28f96 2847 python optional python-django_2.2.19-1~bpo10+1.dsc adecf675c2af9dab8ed65246963718d4 9209434 python optional python-django_2.2.19.orig.tar.gz 176292fb24d310aa095b4ead4bdf307e 26872 python optional python-django_2.2.19-1~bpo10+1.debian.tar.xz c56d5c535cec7a9cecad6e4a490fc952 3107160 doc optional python-django-doc_2.2.19-1~bpo10+1_all.deb 519d843c72b56501c37f755eaa8cc799 7698 python optional python-django_2.2.19-1~bpo10+1_amd64.buildinfo 7b8d0304d5361dbca542251fdeedca8d 2680764 python optional python3-django_2.2.19-1~bpo10+1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmAzhGYACgkQHpU+J9Qx Hli0qg/+NUD64kVWE+7YDRp5pyEOvwl+sTb784rxr6w9ihlSAyfiSUNK96eJrcFG yPn4qx6U82PPuIzZf4MBGHUJphhmLC5NbbXNK7E3IRBNywbYrtR235vQr5Veo1AL d7E5KirH0CZTkZShIQmzGkondKSAEI0oFAmPL8c3sKF9cy+sQ08KjZ2Z/1d4vwcW n/FusKStXFAWldFR19rXrBaXSfqrLPrsgSKkIssrAkg5iPCBG2NBYMB1bNwxPG+1 lMPOBPuwW/i3TdTb9qtEF9Q/bZ49STFkT66LZVXD6hoSNxOL2/elaQ3cbplt9uBS wkI5HNcn7CENs92J8pW0DY13ogSaQai2gYy9LdQhoiddNX5kgtrVMCXDCx5TLiVX snQHPLo5tlC3BMofrXl7YVxZN16Tx9OLsohQ6tNsy8OWU4K6xhOUid5JpUef3wmh pqQdQSU1OdZOYqblZpcQAF1bHt+D554Vu+F0kWcDoR978ojQ20kwld/FYEeFZmoS eTV3Bkjd/EAG/JhI1UWKLI2S3ork9TKP3JYIsyEJKjfFvmy5ftUcXIVZpzU7dflt Fx2gRLAFZFpDZr9MCpIeQiPzXpJF+7dsPag7xFsFgqH3/CPxPgpMMSoO11+7tY0e tjqh1Klf6NMZS7zE904JoV2ZvgsxqpF4mO2ZRmjY8EuQFDBsMok= =TNbH -----END PGP SIGNATURE-----