Format: 1.8
Date: Tue, 03 Sep 2024 17:25:15 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:5.1.1-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:5.1.1-1) experimental; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2024-45230: Potential denial-of-service vulnerability in
       django.utils.html.urlize(). urlize and urlizetrunc were subject to a
       potential denial-of-service attack via very large inputs with a
       specific sequence of characters.
 .
     - CVE-2024-45231: Potential user email enumeration via response status
       on password reset. Due to unhandled email sending failures, the
       django.contrib.auth.forms.PasswordResetForm class allowed remote
       attackers to enumerate user emails by issuing password reset requests
       and observing the outcomes. To mitigate this risk, exceptions
       occurring during password reset email sending are now handled and
       logged using the django.contrib.auth logger.
 .
   * Bump Standards-Version to 4.7.0.