-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 May 2025 15:47:11 -0700
Source: python-django
Architecture: source
Version: 3:4.2.21-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1104872
Changes:
 python-django (3:4.2.21-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2025-32873: Denial-of-service possibility in strip_tags()
 .
       django.utils.html.strip_tags() would be slow to evaluate certain inputs
       containing large sequences of incomplete HTML tags. This function is
       used to implement the striptags template filter, which was therefore
       also vulnerable. strip_tags() now raises a SuspiciousOperation
       exception if it encounters an unusually large number of unclosed
       opening tags.
 .
       (Closes: #1104872)
 .
       <https://www.djangoproject.com/weblog/2025/may/07/security-releases/>
 .
   * Bump Standards-Version to 4.7.2.
   * Add pybuild-plugin-pyproject to Build-Depends.