-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 01 Oct 2018 14:23:27 +0100 Source: python-django Binary: python3-django python-django-doc Built-For-Profiles: nocheck Architecture: source all Version: 2:2.1.2-1 Distribution: experimental Urgency: medium Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 910016 Changes: python-django (2:2.1.2-1) experimental; urgency=medium . * New upstream security release. . CVE-2018-16984: Password hash disclosure to "view only" admin users. If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view (but not change) permission to the user model were displayed the entire hash. While it's typically infeasible to reverse a strong password hash, if a site uses weaker password hashing algorithms such as MD5 or SHA1, it could be a problem. (Closes: #910016) . * Move all documentation to /usr/share/doc. * Really remove all license files (eg. LICENSE-SELECT2.md). * debian/tests/control: Drop deprecated needs-recommends test restriction. Checksums-Sha1: 0b58bccf144252c5f54847c6809562ff5d9f20ed 2666 python-django_2.1.2-1.dsc 1be0feba9cb817f422a116f6b3bddbe1bd353ca7 8611286 python-django_2.1.2.orig.tar.gz 9f3ef08feb6322ffe862a36106afb29608636822 23812 python-django_2.1.2-1.debian.tar.xz 6a0d88e9d46a2cea08193cd5a368168f76cf3496 3040096 python-django-doc_2.1.2-1_all.deb 6d130f2ae839e280414462137af587b6c19fcd1b 7392 python-django_2.1.2-1_amd64.buildinfo 5b93566e7fb22a5cd61448b7c4dc063056bc4d70 2588460 python3-django_2.1.2-1_all.deb Checksums-Sha256: b798bc6dde6d3522ba1bd4695d21cf96560849326927359438b3ca7e1a9cd764 2666 python-django_2.1.2-1.dsc efbcad7ebb47daafbcead109b38a5bd519a3c3cd92c6ed0f691ff97fcdd16b45 8611286 python-django_2.1.2.orig.tar.gz 43d9571a097a37a5b22282fae120caacab90b542fd3024d89357f68fd207515c 23812 python-django_2.1.2-1.debian.tar.xz afdd476cff7db79d2686b93f298a22986185149c30e49549599f74b4b6bcbdc6 3040096 python-django-doc_2.1.2-1_all.deb b9561abdc5c1a2e51540f95ee8b8f92d8c96dcfe2041e9582e1e1d84717254a7 7392 python-django_2.1.2-1_amd64.buildinfo 1ce9f330e165144746a8822c79f27b664643c6b3824bd7091ec52c9434dde06c 2588460 python3-django_2.1.2-1_all.deb Files: 699966b1ca33e44ba0fb8483fd3353d6 2666 python optional python-django_2.1.2-1.dsc 383ca4e98ad5d0aa9d71378fe743bdef 8611286 python optional python-django_2.1.2.orig.tar.gz 1878cb7f4370a48a35f21755c396c1f2 23812 python optional python-django_2.1.2-1.debian.tar.xz 5f4739f46b70e9a50073f4b4eb6711a0 3040096 doc optional python-django-doc_2.1.2-1_all.deb f935e8efb668c52804bce74c53dcffd9 7392 python optional python-django_2.1.2-1_amd64.buildinfo 441be386a37a397244e4f31e68b8987d 2588460 python optional python3-django_2.1.2-1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluyIdoACgkQHpU+J9Qx HliFGQ//Wd6+i8aEen8l61PUdU4WweRJ9W7QOp75hZLNUFDMPxIouap7zRrV8xKZ dLNU5h5zvycR35Ht9Ox5DWxexYSXIMv+wwngKk/TYshbUmS4hF3A9TFL68G6u/f5 SS+G8SlNjnmF1AnzBDjFmkFc19tJzR/lMfayPDXg5gTLmx8sp65q7KDs0TfVBQTg eRiAuDml+v+ps+iM7H7t9sDLoJbyj/I3WwzN+xHZKK4LAtqvOdbkj/yf4tWgrxaH DeS+6rt2PnhcZ8jhczrDdCKXFqOzrXcEdui6HHSJ9XaMkIIqleZ4z38uklxiI1q8 Gpu1XQnYKqV8POuPkG4mbE9rlEcsznMSMvOkxDicn3F9spEPTVrfxjnOYqIbrB1X cuB/tn/uHXYiFD8SnFatNGbFP6ewsuZylh54xoMBFjomjPQGITNNitL0oaskFluz HJwnLR2hUrrSOLpThfPcWvQkoeZZFEC3ME+izlzJk0XEQIH7SSnBs32v7wdB7Gir COfxxOv1rpAnxIa3Y/KrEckQd1GOm9FWtzpNW79bZXSQq3wK2R1YR2s4mb8l6NF0 vhqCXe3/yyOa6ak+UnNxZ/tlt1rWal8uCGvtQFHS0v+jVYk2ZxY0aat9y6Dh7Qu9 r6wc//e8v673wgJLT++YHkqHx2U16Mrs1grF020KgbJWbJ7EwuM= =uiY4 -----END PGP SIGNATURE-----