Accepted python-django 2:4.0.2-1 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 01 Feb 2022 09:02:51 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1004752
Changes:
python-django (2:4.0.2-1) experimental; urgency=medium
.
* New upstream security release:
.
- CVE-2022-22818: Possible XSS via {% debug %} template tag.
The {% debug %} template tag didn't properly encode the current context,
posing an XSS attack vector.
.
In order to avoid this vulnerability, {% debug %} no longer outputs
information when the DEBUG setting is False, and it ensures all context
variables are correctly escaped when the DEBUG setting is True.
.
- CVE-2022-23833: Denial-of-service possibility in file uploads
.
Passing certain inputs to multipart forms could result in an
infinite loop when parsing files.
.
See <https://www.djangoproject.com/weblog/2022/feb/01/security-releases/>
for more information. (Closes: #1004752)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----