Format: 1.8
Date: Fri, 10 Jan 2025 15:51:56 +0000
Source: python-django
Architecture: source
Version: 2:2.2.28-1~deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (2:2.2.28-1~deb11u4) bullseye-security; urgency=high
 .
   * The fix for CVE-2024-6923 in the python3.9 source package (released as
     part of a suite of updates in DLA 3980-1) introduced stricter processing
     of input in the email module to increase security around header
     injection attacks. This, however, inadvertently broke sending emails
     when using lazy translation strings here in the Django package,
     resulting in the package failing to build from source — at
     approximately the same time as the previous upload (i.e.
     2:2.2.28-1~deb11u3).
 .
     As the previous behaviour of Python's email module can be enabled by
     passing strict=False, we now do so here, as Django detects and encodes
     newlines elsewhere in its handling of emails.
 .
     Thanks to Santiago for the report.