-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 Dec 2024 17:33:13 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:4.2.17-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2024-53907: Potential DoS in django.utils.html.strip_tags.
       The strip_tags() method and striptags template filter were subject to a
       potential denial-of-service attack via certain inputs containing large
       sequences of nested incomplete HTML entities.
 .
     - CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle
       Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle
       was subject to SQL injection if untrusted data is used as a lhs value.
       Applications that use the jsonfield.has_key lookup through the __ syntax
       are unaffected.
 .
     <https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>
 .
   * Refresh patches.