Accepted python-django 1.7.11-1+deb8u9 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 04 Jun 2020 16:17:33 +0100
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Built-For-Profiles: nocheck
Architecture: source all
Version: 1.7.11-1+deb8u9
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Changes:
python-django (1.7.11-1+deb8u9) jessie-security; urgency=medium
.
* CVE-2020-13254: Potential data leakage via malformed memcached keys.
.
In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to
the memcached cache backends.
.
* CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget.
.
Query parameters to the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures
query parameters are correctly URL encoded.
.
For more information, please see:
<https://www.djangoproject.com/weblog/2020/jun/03/security-releases/>.
.
* Fix up test failures introduced in 1.7.11-1+deb8u3 via the fix for
CVE-2018-7537.
* Fix up test failures introduced in 1.7.11-1+deb8u8 via the fix for
CVE-2019-19844.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
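
The key validation described for CVE-2020-13254, as an added example that is not part of the original upload notice and is not Django's or Debian's patch code. The function names, the simplified request-line model and the sample keys are assumptions made for illustration; the 250-byte limit and the ban on whitespace and control characters come from the memcached text protocol.

```python
# Added example: illustrative only, not the code shipped in 1.7.11-1+deb8u9.
MEMCACHE_MAX_KEY_LENGTH = 250  # key length limit of the memcached text protocol


class InvalidCacheKey(ValueError):
    """Raised when a key is not safe to send to a memcached server."""


def validate_key(key):
    """Reject keys the text protocol cannot carry unambiguously."""
    if not key:
        raise InvalidCacheKey("empty cache key")
    if len(key.encode("utf-8")) > MEMCACHE_MAX_KEY_LENGTH:
        raise InvalidCacheKey(
            "cache key longer than %d bytes" % MEMCACHE_MAX_KEY_LENGTH)
    for ch in key:
        # Spaces separate tokens and CR/LF ends the request line, so any
        # whitespace or control character changes what the server parses.
        if ord(ch) < 33 or ord(ch) == 127:
            raise InvalidCacheKey(
                "cache key contains whitespace or control character %r" % ch)
    return key


def key_seen_by_server(key):
    """Simplified model (assumption) of how 'get <key>' is tokenised:
    read up to the first CRLF, split on spaces, take the first key token."""
    line = ("get " + key + "\r\n").split("\r\n", 1)[0]
    return line.split(" ")[1]


def safe_get_line(key):
    """Build the request line only after the key has been validated."""
    return "get " + validate_key(key) + "\r\n"


if __name__ == "__main__":
    # Constructed sample keys: the second is malformed and, unvalidated,
    # is parsed as the same key as the first (the collision described above).
    for sample in ("user:42", "user:42 other", "k" * 251):
        try:
            print(repr(safe_get_line(sample)[:40]))
        except InvalidCacheKey as exc:
            print("rejected:", exc)
```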