Format: 1.8
Date: Tue, 01 Feb 2022 09:28:58 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:3.2.12-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1004752
Changes:
 python-django (2:3.2.12-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2022-22818: Possible XSS via {% debug %} template tag.
 .
       The {% debug %} template tag didn't properly encode the current
       context, posing an XSS attack vector.
 .
       In order to avoid this vulnerability, {% debug %} no longer outputs
       information when the DEBUG setting is False, and it ensures all
       context variables are correctly escaped when the DEBUG setting is
       True.
 .
     - CVE-2022-23833: Denial-of-service possibility in file uploads.
 .
       Passing certain inputs to multipart forms could result in an
       infinite loop when parsing files.
 .
     See <https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>
     for more information. (Closes: #1004752)