-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 09 Apr 2021 12:28:23 +0100 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Built-For-Profiles: nocheck Architecture: source all Version: 1:1.10.7-2+deb9u12 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 986447 Changes: python-django (1:1.10.7-2+deb9u12) stretch-security; urgency=high . * CVE-2021-28658: Prevent a directory traversal issue which could have been exploited by maliciously crafted filenames. However, the built-in upload handlers were not affected by this vulnerability. (Closes: #986447) Checksums-Sha1: 182098bd249db4b54d7205863d3a4bf46438b9f2 2808 python-django_1.10.7-2+deb9u12.dsc b6478342012827147f5fce4295f890db89cc1b1d 50732 python-django_1.10.7-2+deb9u12.debian.tar.xz 9d2f7af982f90203a99afa81c6af63f019857d45 1516152 python-django-common_1.10.7-2+deb9u12_all.deb c597e2419ebc1e9024f041f3edab5ad202b1cc7a 2537330 python-django-doc_1.10.7-2+deb9u12_all.deb 23fd19b214aa0f8130788e117f132a9318f800c2 905978 python-django_1.10.7-2+deb9u12_all.deb 454f6b8a806d10566ec6bda834b5a6089524fa5d 9481 python-django_1.10.7-2+deb9u12_amd64.buildinfo 3b29a857776dc16614812102d1c51cf8147b1942 887712 python3-django_1.10.7-2+deb9u12_all.deb Checksums-Sha256: 12db44b01d4fb68da29fbc5f741273e97b4680c7f3c13a4160da9924f1ecbf1c 2808 python-django_1.10.7-2+deb9u12.dsc 6dd929e6d5dd0b9eab238288f7290ed6fe32e747ef145c0d12371d99718ede84 50732 python-django_1.10.7-2+deb9u12.debian.tar.xz 46bb2a04c7a4bd3934c4113c67a5bdf7a2dbac30cc5cf36002a53add0fa9905a 1516152 python-django-common_1.10.7-2+deb9u12_all.deb 68452c8fdabbace8cfb9de3e16bc74774d04f871f589f23690b5631eed4c8624 2537330 python-django-doc_1.10.7-2+deb9u12_all.deb f926e43d301424f03be99a7494662e0bb1c11f9104a52ed3a492b7d2ab6995d8 905978 python-django_1.10.7-2+deb9u12_all.deb 0d24b3be672c6b227e0afaebb67b2ce3cc07e9c73839f2aa763024bf867c2393 9481 python-django_1.10.7-2+deb9u12_amd64.buildinfo b02217bb33fd84c9a26408812af6d94fa14daa5d06b2b6d24e29f6e6e4f341d7 887712 python3-django_1.10.7-2+deb9u12_all.deb Files: c978af665458ad969e0ebd2dae9aaafe 2808 python optional python-django_1.10.7-2+deb9u12.dsc 67b04c320c48d26397bb900cda04434f 50732 python optional python-django_1.10.7-2+deb9u12.debian.tar.xz aaae84641b4ac4b0e3694660048798d3 1516152 python optional python-django-common_1.10.7-2+deb9u12_all.deb 0930cd538158d920b3244a2ecf56fd19 2537330 doc optional python-django-doc_1.10.7-2+deb9u12_all.deb ba131963f094fec1ef75b01aed77fc67 905978 python optional python-django_1.10.7-2+deb9u12_all.deb 2b44fade5c51e2de7b7b4ce8c9e6163e 9481 python optional python-django_1.10.7-2+deb9u12_amd64.buildinfo 1b143a373a0d88872861674eb7b6e9ae 887712 python optional python3-django_1.10.7-2+deb9u12_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmBwPrwACgkQHpU+J9Qx HliZqw/9HKxcgczQpwpEyb7IFLtMia3+KjiTxRZxqcsPYLYoKrpoprwvUdJJNHbJ rpBUamnRkry44yOhSIjs9hAveq5qd2wiQOnszM8ZIJ4MuCZE/m65PLfnyImJZJTg tYSIvtxsgtmt9CbneOFfKGZb21hkeocXY8cu3MuUkae3dWczZUqrU/QjEPPYCMsg e8PbQ7SWGxP32z9e7lLC9XPMvyOQrd1Rt7sf6L1uALi3bgtX7ks7wvo7RdwsSgEu FnjIYJsrGS9i3QBXC8damTZIVqPqvw+42KjrSvUuMTaOX1ELtAtQjwZMTgwkYv1t y3hDng5gmxRwiDIf8MjCQ7kwLcBE5RlEOH0BC7C6SsWQVM3CmUtL/MewkF2oFg8H mTccXfNT53Kk9TWMdLy9rbDb3M6NfMKa6o463zdzALYwMxb97Dqa0zizZSXpl9KG HSmX3WTUegXrMtFAqdmxPLwzg3yn/ZXw7BvJvo3hPsJrJmyjUndl/Zxjo5C6j2Gj Wv5FRcgjckxVmNkId5UXshRhRFuJilb6NXThobmcihVsK/8hBi4Z+Bg1mXMF8ga+ 7B6q0c0hemmAlm/N22VBsTFOzOtkeXjIX6G89HvX7PY5OkPT4FuXaiN57Sos8cay KzABZKBSlnaBBLJl8PDV8IpChbjPDoF2hvdjP4PMu/90tJpVD7c= =uzNh -----END PGP SIGNATURE-----