Format: 1.8
Date: Wed, 04 Dec 2024 16:55:05 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:5.1.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:5.1.4-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
       The strip_tags() method and striptags template filter were subject to a
       potential denial-of-service attack via certain inputs containing large
       sequences of nested incomplete HTML entities.
 .
     - CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
       Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
       was subject to SQL injection if untrusted data is used as a lhs value.
       Applications that use the jsonfield.has_key lookup through the __ syntax
       are unaffected.
 .
     <https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>