-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 21 Aug 2024 12:08:24 +0100 Source: python-django Architecture: source Version: 3:3.2.19-1+deb12u2 Distribution: bookworm Urgency: high Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Steve McIntyre <93sam@debian.org> Closes: 1076069 1078074 Changes: python-django (3:3.2.19-1+deb12u2) bookworm; urgency=high . * Rename CVE-2023-36053.patch to 0014-CVE-2023-36053.patch * Backport upstream fixes in 3:4.2.14-1: * Closes: #1076069 * CVE-2024-39329: Standardize timing of verify_password() when checking unusable passwords. * CVE-2024-39330: Add extra file name validation in Storage's save method. * CVE-2024-39614: Mitigate potential DoS in get_supported_language_variant. * The patch for CVE-2024-38875 won't sensibly backport. * Backport upstream fixes in 3:4.2.15-1: * Closes: #1078074 * CVE-2024-41989: Prevent excessive memory consumption in floatformat. * CVE-2024-41991: Prevente potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget. * CVE-2024-42005: Mitigate QuerySet.values() SQL injection attacks against JSON fields Backport and tweak the upstream fix series to fit into 3.2. * The patch for CVE-2024-41990 won't sensibly backport. Checksums-Sha1: df8a6b32878dc0bfad9dbb2c01848fed26b51af9 2864 python-django_3.2.19-1+deb12u2.dsc c172c32184f8dd1e3fa9d5373fd2d3d93181bc5e 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz 80c61eae4d36cdc38999c6ac345d3626dfe7b201 14089 python-django_3.2.19-1+deb12u2_source.buildinfo Checksums-Sha256: 6965317a38ababa6ecac1d731c5c5eb7c186e59906da4013300a8a0bf3cc7809 2864 python-django_3.2.19-1+deb12u2.dsc 6bc87771c69baa09c64b2ca7918470f55a12f4fcbab0f30b004a8b383bc2e11b 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz 34f194b448ee46fcf03e7db7cd3c47dd04ce8a632fb90dd72def44eb6b601e63 14089 python-django_3.2.19-1+deb12u2_source.buildinfo Files: 8cd1dd7e7b430b871d74936f4bc51a3f 2864 python optional python-django_3.2.19-1+deb12u2.dsc 7877957da3f282b1dce79bbdc1b90df7 48884 python optional python-django_3.2.19-1+deb12u2.debian.tar.xz b63403ce4e5576491f3d3e61ba688a63 14089 python optional python-django_3.2.19-1+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmbIb6MRHDkzc2FtQGRl Ymlhbi5vcmcACgkQWHl5VzRCaE7yBg//SixN+DRgxb/0QUTcav3HLwp/g75VlFWp FR4brrdjgMozLXNRUsRqn7zsH0MiN7UvllvW5c0F+du547bFZG2OlvtrO/y/q3j4 Nf3OsMCgakkNHCuaZ2kvZXy6vV5FSAhlhD8dPC5ndt5GrbmtK4oWTogSOXkHa9N3 HbFc8SdVMubrfOFCAY17xyTDoKSKM5+rssHbLtKCS7bFtccWgZqBQ5ZKTsSZn4si hSkJBM7ku/OscnLzf8lHX/15NSx+25ZrI4lOiqSqIS/T9DKp4AbX7KRXZqnRR8fm ZhiyzkBI4CkJK6HmBPIP7zMtxHTQ+Smz5C2ubfZ0JnHThkawOGSsg/lowFjeezSx Ldylj5QST3R8Zyc/91P7X2MVbmUVM8CKWLBHMxu40wE97bT2EehSjuLmlvf5ey7O 8vFz5IBqZgu7QOzWUxQ/1ytR/K4/xKNy0e3e2uoplN8Pe/oFDlkP2JBkhh8UMJnY iSPPVR3Z6VUww3gc/TJlWX3y8TrYAqAyuuZUgCiVXbQuOPCqzZDS0SNwOszhi6cN G+msHZPwjQTF/HauSBV8VB/PNufIYsBlB3uWseqrnbhs08+lVDsaQKtCDuGrr6/I AEA0IoPWd4GtIMQTv/Vfxnfd88b5N1dZwsr1p0RCik4qjcasKyub50JGthJ7MKhL L8QdZX/0ISY= =Khoa -----END PGP SIGNATURE-----