-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 Feb 2018 17:42:06 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Changes:
 python-django (1:1.11.10-1) unstable; urgency=medium
 .
   * New upstream security release:
     - CVE-2018-6188: A regression in Django 1.11.8 made
       django.contrib.auth.forms.AuthenticationForm run its
       confirm_login_allowed() method even if an incorrect password is
       entered. This can leak information about a user, depending on what
       messages confirm_login_allowed() raises. If confirm_login_allowed()
       isn't overridden, an attacker can enter an arbitrary username and see
       if that user has been set to is_active=False. If
       confirm_login_allowed() is overridden, more sensitive details could be
       leaked.
   * Use HTTPS "Format" URI in debian/copyright.