-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 03 Sep 2024 17:31:33 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.16-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:4.2.16-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2024-45230: Potential denial-of-service vulnerability in
       django.utils.html.urlize(). urlize and urlizetrunc were subject to a
       potential denial-of-service attack via very large inputs with a
       specific sequence of characters.
 .
     - CVE-2024-45231: Potential user email enumeration via response status
       on password reset. Due to unhandled email sending failures, the
       django.contrib.auth.forms.PasswordResetForm class allowed remote
       attackers to enumerate user emails by issuing password reset requests
       and observing the outcomes. To mitigate this risk, exceptions
       occurring during password reset email sending are now handled and
       logged using the django.contrib.auth logger.
 .
   * Bump Standards-Version to 4.7.0.