Back to python-django PTS page

Accepted python-django 2:4.0.2-1 (source) into experimental

To: debian-devel-changes@lists.debian.org, debian-experimental-changes@lists.debian.org
Subject: Accepted python-django 2:4.0.2-1 (source) into experimental
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 01 Feb 2022 17:34:19 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nEx2p-000EI2-4d@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 01 Feb 2022 09:02:51 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1004752
Changes:
 python-django (2:4.0.2-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2022-22818: Possible XSS via {% debug %} template tag.
       The {% debug %} template tag didn't properly encode the current context,
       posing an XSS attack vector.
 .
       In order to avoid this vulnerability, {% debug %} no longer outputs
       information when the DEBUG setting is False, and it ensures all context
       variables are correctly escaped when the DEBUG setting is True.
 .
     - CVE-2022-23833: Denial-of-service possibility in file uploads
 .
       Passing certain inputs to multipart forms could result in an
       infinite loop when parsing files.
 .
     See <https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
     for more information. (Closes: #1004752)
Checksums-Sha1:
 cb621803e4a3e97e3db99d851200c23beaf88dea 2779 python-django_4.0.2-1.dsc
 b671dd5cb40814abb89953ce63db872036a7fb77 9996300 python-django_4.0.2.orig.tar.gz
 499cb39ae4033db321146b3f5c509402b6c22e8b 28412 python-django_4.0.2-1.debian.tar.xz
 5914b45c9d9266cef6a9b6b3e9b62dced517df84 7915 python-django_4.0.2-1_amd64.buildinfo
Checksums-Sha256:
 2cb44bdc787fa5e1f62d083e1a113766162776e347e383fbe3e68807a23c2466 2779 python-django_4.0.2-1.dsc
 110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a 9996300 python-django_4.0.2.orig.tar.gz
 66f94f095098474d44f0c1dd6b9afd56b0bbfd91921a89013991dc7e21a154b9 28412 python-django_4.0.2-1.debian.tar.xz
 dc2262bbf83657847dcd207de5b7c07899700b01ce2ea4d758c509a73984924f 7915 python-django_4.0.2-1_amd64.buildinfo
Files:
 e16dcb04ec2b0b5b9e4063348922a71b 2779 python optional python-django_4.0.2-1.dsc
 a86339c0e87241597afa8744704d9965 9996300 python optional python-django_4.0.2.orig.tar.gz
 1fef93dd00604da057ccb2dfde4fb03b 28412 python optional python-django_4.0.2-1.debian.tar.xz
 4962f09548b1dc07a0cf1c78869d7c4b 7915 python optional python-django_4.0.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmH5bPYACgkQHpU+J9Qx
Hljlrg/+LTMdi+/Jy00di92VV26fKAQUn4fqApJA9o9KSk9O4fBWR3dUkuWIT16T
1J9UrQDPvYvJIlf13baQSKnLgxPZtSH+wjDBCVOtxC/XNdxiQ7GnpDmmnAOpQgX1
3dVGpe3NmTx06HnwdlVTqzLIwLw1jBXG1aSk+bUal7NEfIc5wmUQcOLdT+4fOLo5
G3p0TmnnreWpWXvB6m2fPwT7wDvZdZ+MaRY8eK4WOOnZD04xAktBRIYWTGZlo78r
HbvBkTQaWSv908nDwS/d2MEQo52u1xJCOM68zv1oGL8cgs8rJiplgLCiL2dLDXzF
CnQkn9HJXsqrSJSgO8Vt4RObN3aOzmcp79SF5Kqye6OSaYt42v9nzR82zSGv67JX
Ue2bXcItXSl2zWrApDOefR+sCTkZfXB/3iBCDoRQezFqZJUXyALjIxz/r0o0ZTLv
md9j67v9bJdp3WGrbOLe2cf09FuW6bsVm2Zq8C6fetliddTv7wao4SrniQAexm0B
WmseI2DXWQusSXr+/AWOdkZT5itf35X0apuvvqcBQbbaDqW+EJFhiSkmZyS43/6N
aZBabu5JisNHZ/6wsIn6tiBcLOFHvUFHynNYf/SZ9C0X7CZkooUOkDiOcbWvpJw0
aM/3aAq+gvkkWMD3c9SXhZ/sCn3XMKPhsiOvEC8QhyHvT6iTnDw=
=usbx
-----END PGP SIGNATURE-----