-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 01 Feb 2023 08:01:01 -0800 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 3:3.2.17-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 1030251 Changes: python-django (3:3.2.17-1) unstable; urgency=medium . * New security upstream release. <https://www.djangoproject.com/weblog/2023/feb/01/security-releases/> . - CVE-2023-23969: Potential denial-of-service via Accept-Language headers . The parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if large header values are sent. . In order to avoid this vulnerability, the Accept-Language header is now parsed up to a maximum length. (Closes: #1030251) . * Drop 0010-Fixed-inspectdb.tests.InspectDBTestCase.test_custom_.patch; applied upstream. * Refresh all patches. Checksums-Sha1: 739c26799224c7e0f5c81271aa9ac9440ba9e75a 2807 python-django_3.2.17-1.dsc 41fbde88d69f8f4e2daa9c8edc64864d7a42e5c4 9830188 python-django_3.2.17.orig.tar.gz c6305d24b4b8a271a3f4b99a43bab30aeea47a3b 37648 python-django_3.2.17-1.debian.tar.xz d175a5be405595f0869f54e63e7e55bb66bfe621 7937 python-django_3.2.17-1_amd64.buildinfo Checksums-Sha256: 26caea9753ba9a01a43b14b31ecb655940e3c2bf691dc0e351a0d7149b868482 2807 python-django_3.2.17-1.dsc 644288341f06ebe4938eec6801b6bd59a6534a78e4aedde2a153075d11143894 9830188 python-django_3.2.17.orig.tar.gz b38875467b7216b323f464b0f116b32342c1c42c9051d13e1852add245c6164d 37648 python-django_3.2.17-1.debian.tar.xz eda8f2d8334dd8264821b9ddab033c57a59f8ec8b59cd5c72d86a4acd445712a 7937 python-django_3.2.17-1_amd64.buildinfo Files: 02586cd0235d549d793ba4348f38505e 2807 python optional python-django_3.2.17-1.dsc ef4c165db99f7f6e32b62846b9f7a36e 9830188 python optional python-django_3.2.17.orig.tar.gz aa4efe0b62f4bff27b0f8065be1a7212 37648 python optional python-django_3.2.17-1.debian.tar.xz 893a2797e6057caa5416030603e1041b 7937 python optional python-django_3.2.17-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmPajiYACgkQHpU+J9Qx HlhqFBAAue6O+0ZqYQ2frd2gARoqkZVhJoZ2o5pE+7iEyc34jrrUWBURrKAiz/z0 NnNsr7O20evXW1gJ87EnM0Yj0Se8QlXVHqI480+ACYil/LoiPWcihzIDM4LeQO1q tDxgvJ4jA08bwpgrJQuQApkeS4TkESsV6W2dH6b5Gq/OiddL95eeiNiwYh/9y9e6 NIp5l8poyYCkQ44gt9nR/4Dus4PzLet5gIiH5Eq7t/T5aa/GNYOvJX+elJHghh54 Qx/piEtpQjyRCF5KYQqK6RkjFuaJnEJMvkFETzDkKpELpkEG6h3KfQjP9uIdvGlt oaF6Yt2MLZTB/7rEUHUl1xv53R+RJsny64ZmfcD4i0aP8HDrBTpistmXhVPAz3hh FWV0odIIUSiR/ZbMGE8Opa6L9V9rHvKkq6O6dFzqhkZ6qaAnnpbRkvob8S4YhcOT WRq0YYURS3Z0Kt+il+abz4amQX1XGUnkK1ziOM8chavMot98Lucdet9uEsM+t7Vw n/Qzq7sfhYP3CAs8adtHchXwEFmGqHq1CTkpegcT+1MXt/689q3yhbPXGd4inscx G0JXNEgZOjnLq/zDf1IMGpcmH9why4talRBjR8mW1jqRnlllKMebPp/HGxm3rIrg meBfJjp/Bv/dDI4/BreCZ/LCKeidruGl0Tle/PeDJ6N6DoLwn2Q= =xPJl -----END PGP SIGNATURE-----
