Format: 1.8
Date: Tue, 01 Feb 2022 09:02:51 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1004752
Changes:
 python-django (2:4.0.2-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2022-22818: Possible XSS via {% debug %} template tag.
       The {% debug %} template tag didn't properly encode the current
       context, posing an XSS attack vector.
 .
       In order to avoid this vulnerability, {% debug %} no longer outputs
       information when the DEBUG setting is False, and it ensures all
       context variables are correctly escaped when the DEBUG setting is
       True.
 .
     - CVE-2022-23833: Denial-of-service possibility in file uploads
 .
       Passing certain inputs to multipart forms could result in an
       infinite loop when parsing files.
 .
     See <https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>
     for more information.
     (Closes: #1004752)