-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Nov 2025 08:36:26 -0800
Source: python-django
Architecture: source
Version: 3:4.2.26-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:4.2.26-1) unstable; urgency=high
 .
   * New upstream security release.
     <https://www.djangoproject.com/weblog/2025/nov/05/security-releases/>
 .
     - CVE-2025-64458: Fix a potential denial-of-service vulnerability in
       HttpResponseRedirect and HttpResponsePermanentRedirect. NFKC
       normalization in Python is slow on Windows; as a consequence,
       HttpResponseRedirect, HttpResponsePermanentRedirect and redirect were
       subject to a potential denial-of-service attack via certain inputs with
       a very large number of Unicode characters.
 .
     - CVE-2025-64459: Prevent a potential SQL injection via _connector keyword
       argument in QuerySet/Q objects. The methods QuerySet.filter(),
       QuerySet.exclude(), and QuerySet.get() and the class Q() were subject to
       SQL injection when using a suitably crafted dictionary (with dictionary
       expansion) as the _connector argument.
 .
   * Refresh patches.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----