Format: 1.8
Date: Fri, 05 May 2023 13:18:16 -0700
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source all
Version: 1:1.11.29-1+deb10u8
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 1035467
Changes:
 python-django (1:1.11.29-1+deb10u8) buster-security; urgency=high
 .
   * CVE-2023-31047: Potential bypass of validation when uploading multiple
     files using one form field. (Closes: #1035467)
 .
     Uploading multiple files using one form field has never been supported by
     forms.FileField or forms.ImageField as only the last uploaded file was
     validated. Unfortunately, the uploading multiple files topic in the
     documentation suggested otherwise.
 .
     In order to avoid a vulnerability, ClearableFileInput and FileInput form
     widgets now raise ValueError when the multiple HTML attribute is set on
     them. To prevent the exception and keep the old behavior, set
     allow_multiple_selected to True.
 .
     For more details on using the new attribute and handling of multiple files
     through a single field, please see:
 .
       <https://www.djangoproject.com/weblog/2023/may/03/security-releases/>
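
Added illustration (not Django's code and not part of this upload record): a self-contained model of the flaw described in the Changes entry, where the single-value lookup on a multi-file field returns only the last file, so only that file is validated. The `MultiFiles` class, the policy constants and both handler names are hypothetical.

```python
# Constructed model of the CVE-2023-31047 bug class; not Django source code.
# MultiFiles mimics a multi-value mapping whose plain lookup returns the LAST value.

ALLOWED_SUFFIXES = (".png", ".jpg")   # hypothetical upload policy
MAX_BYTES = 1024                      # hypothetical size limit


class MultiFiles:
    """Maps a field name to every file submitted under it."""

    def __init__(self, data):
        self._data = {name: list(files) for name, files in data.items()}

    def get(self, name):
        files = self._data.get(name) or [None]
        return files[-1]              # single-value view: last file only

    def getlist(self, name):
        return list(self._data.get(name, []))


def validate(upload):
    """Raise ValueError if one (filename, content) pair breaks the policy."""
    if upload is None:
        raise ValueError("no file submitted")
    filename, content = upload
    if not filename.lower().endswith(ALLOWED_SUFFIXES):
        raise ValueError("disallowed type: " + filename)
    if len(content) > MAX_BYTES:
        raise ValueError("too large: " + filename)


def accept_last_validated(files, field):
    """Flawed pattern: validates the single-value view, stores the full list."""
    validate(files.get(field))
    return [name for name, _ in files.getlist(field)]


def accept_all_validated(files, field):
    """Corrected pattern: every submitted file must pass before any is stored."""
    uploads = files.getlist(field)
    if not uploads:
        raise ValueError("no file submitted")
    for upload in uploads:
        validate(upload)
    return [name for name, _ in uploads]


# Constructed request: two files under one field, only the last one is valid.
SAMPLE = MultiFiles({"attachments": [("report.html", b"<html>"), ("logo.png", b"\x89PNG")]})
```

With `SAMPLE`, the flawed handler accepts both names because only `logo.png` is checked, while the corrected handler rejects the request on `report.html`.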