Format: 1.8
Date: Tue, 14 Feb 2023 09:12:57 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:3.2.18-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1031290
Changes:
 python-django (3:3.2.18-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads
 .
       Passing certain inputs to multipart forms could result in too many
       open files or memory exhaustion, and provided a potential vector for a
       denial-of-service attack.
 .
       The number of files parts parsed is now limited via the new
       DATA_UPLOAD_MAX_NUMBER_FILES setting.
 .
       Thanks to Jakob Ackermann for the report. (Closes: #1031290)
Files:
 2807 python optional python-django_3.2.18-1.dsc
 9848949 python optional python-django_3.2.18.orig.tar.gz
 37760 python optional python-django_3.2.18-1.debian.tar.xz
 7905 python optional python-django_3.2.18-1_amd64.buildinfo