Accepted python-django 2:3.2.5-1 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 01 Jul 2021 10:56:07 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:3.2.5-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
python-django (2:3.2.5-1) experimental; urgency=medium
.
* New upstream security release:
.
- CVE-2021-35042: Potential SQL injection via unsanitized
QuerySet.order_by() input.
.
Unsanitized user input passed to QuerySet.order_by() could bypass
intended column reference validation in path marked for deprecation
resulting in a potential SQL injection even if a deprecation warning is
emitted. As a mitigation, the strict column reference validation was
restored for the duration of the deprecation period. This regression
appeared in Django version 3.1 as a side effect of fixing another bug
(#31426).
.
For more information, please see:
<https://www.djangoproject.com/weblog/2021/jul/01/security-releases/>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
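
Added example, not part of the upload notice or of Django's own code: the CVE-2021-35042 entry above concerns user input reaching QuerySet.order_by(), and one application-side guard is to check every requested sort term against an allow-list before the ORM sees it. The names safe_ordering and InvalidOrdering, the field names and the sample inputs are assumptions made for illustration.

```python
import re

# Accepted shape of one sort term: optional leading "-" (descending), then a
# plain identifier. Dots, spaces, quotes and parentheses never match.
_TERM_RE = re.compile(r"-?[A-Za-z_][A-Za-z0-9_]*")


class InvalidOrdering(ValueError):
    """Raised when a requested sort term is malformed or not allow-listed."""


def safe_ordering(raw, allowed, default=("id",), max_terms=3):
    """Turn an untrusted, comma-separated sort parameter into order_by() args.

    raw     -- value taken from the request, e.g. "name,-created" (or None)
    allowed -- set of field names the endpoint is willing to sort on
    """
    if raw is None or not raw.strip():
        return list(default)
    terms = [t.strip() for t in raw.split(",")]
    if len(terms) > max_terms:
        raise InvalidOrdering("too many sort terms")
    result, seen = [], set()
    for term in terms:
        if not _TERM_RE.fullmatch(term):
            raise InvalidOrdering("malformed sort term: %r" % term)
        name = term[1:] if term.startswith("-") else term
        if name not in allowed:
            raise InvalidOrdering("sorting on %r is not permitted" % name)
        if name in seen:
            raise InvalidOrdering("duplicate sort field: %r" % name)
        seen.add(name)
        result.append(term)
    return result


if __name__ == "__main__":
    ALLOWED = {"name", "created"}  # constructed allow-list for the demo
    # Constructed request values; in a view this would be request.GET.get("sort")
    for sample in ("name,-created", "", "users.name", "password"):
        try:
            print(repr(sample), "->", safe_ordering(sample, ALLOWED))
        except InvalidOrdering as exc:
            print(repr(sample), "-> rejected:", exc)
```

In a view the result would be passed as queryset.order_by(*safe_ordering(...)), with InvalidOrdering mapped to an HTTP 400 response.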