-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 05 Mar 2024 13:03:35 +0000 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 3:4.2.11-1 Distribution: unstable Urgency: high Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Changes: python-django (3:4.2.11-1) unstable; urgency=high . * New upstream security release: . - CVE-2024-27351: Fix a potential regular expression denial-of-service (ReDoS) attack in django.utils.text.Truncator.words. This method (with html=True) and the truncatewords_html template filter were subject to a potential regular expression denial-of-service attack via a suitably crafted string. This is, in part, a follow up to CVE-2019-14232 and CVE-2023-43665. . <https://docs.djangoproject.com/en/dev/releases/4.2.11/> Checksums-Sha1: 3cdfc0ac38ac18ea107493a598c2a3845219133c 2764 python-django_4.2.11-1.dsc fda76a55736054cb5aafb73d2caa3f2d47765f9f 10426858 python-django_4.2.11.orig.tar.gz b84f07446e48ab9e22c7896fbc96b33de397e0c9 31284 python-django_4.2.11-1.debian.tar.xz f79a9bb7039f5a98b236626d404114f349c20774 8298 python-django_4.2.11-1_amd64.buildinfo Checksums-Sha256: a4d7110b7d2729ee8dc44995508c7441bc101f3b5f00b5389d6fa1f94905ce4d 2764 python-django_4.2.11-1.dsc 6e6ff3db2d8dd0c986b4eec8554c8e4f919b5c1ff62a5b4390c17aff2ed6e5c4 10426858 python-django_4.2.11.orig.tar.gz 91f97040c59316fc3fb289300e6018b98ab3aa198c228672217c1d4eb1bf29b7 31284 python-django_4.2.11-1.debian.tar.xz 418de3204f1273d56b66dcba0ae2091c7e8852259c061a07e1765f69489ed110 8298 python-django_4.2.11-1_amd64.buildinfo Files: f80f11d5179c4b6414920c18db9d9bd5 2764 python optional python-django_4.2.11-1.dsc 33dc961e25b6ed54e22b62726b334d4d 10426858 python optional python-django_4.2.11.orig.tar.gz fad8cb25d9cc840766ef0b9b1145d4db 31284 python optional python-django_4.2.11-1.debian.tar.xz 8ad3c323241bc80170edfa87681dd0be 8298 python optional python-django_4.2.11-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXnGTYACgkQHpU+J9Qx Hlg0EBAAisNmeDLqwYVipSNhuuQ/zAbfOCwFTUvw3E74yRaTvjGt9o0a4xvi97x8 v7DIThNoMxctbiI9USxW84u7cNtYMee0vJLlNK1ciJgTnS3kzT+7MjFve3glx0sC nBYduyyTtX0xW8xn571DNV1mjZTY4Wo4N+qWd2gpIXu6Fy5YzUJGi31STWMaAG+B m1Wa85XYwQxVHHyKqsMjIHWj1LYWR5bRgV9X/axPyt/uyzcauGceHBBqt37nk4cT WOqXBcA+YtRgNFIoriveARP5LjFVqcL7N/x9jg2Q7jBjzAiQHcUtWm1KAPhn4Fhh PzQU4PZE1kjaeofiu54/AdCA8907drQcxbqG0zadDOh47lPJ9Dpx3D8MYwLJecAx 2UbvDj1tR8BugtExFDijFwhJPZSztAWp/eRJ8vt/nqR9D44L2OeKMwXiTF67/tgh sgUIzXAy+HUO+CJ3SFJxf3NwtycShVVKdSlWkgRQHgvmzwz7ZYltU6J8s2Cl+NsQ jUv7KmOKgQYOF0UAucmkj8vANZdnUH6sbLl1UjEMMvCGZIiplVGHrcAJ1l1JFJEL GklGcbwtR7wpuaFbsuQ9bcBIla1NvAplq+rltEbi0jNk9hLMGZyi5fVFuz1QS/+P UpsR4C47s1ECD4F9/pw+qwsEagiAEjjfdcrMuDvRnQeZOO1xCkQ= =cA3z -----END PGP SIGNATURE-----