Accepted python-django 2:4.0.4-1 (source) into experimental
- To: debian-experimental-changes@lists.debian.org, debian-devel-changes@lists.debian.org
- Subject: Accepted python-django 2:4.0.4-1 (source) into experimental
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 12 Apr 2022 16:34:44 +0000
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1neJTY-000Hlf-4M@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Apr 2022 18:13:56 +0200
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.4-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
python-django (2:4.0.4-1) experimental; urgency=high
.
* New upstream security release:
.
- CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra().
.
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
.
- CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
on PostgreSQL.
.
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
.
See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
for more info.
Checksums-Sha1:
f10bdb5b2abe39d82107d5709714add568c6b8c2 2782 python-django_4.0.4-1.dsc
81855aaf0a5157dde385a9a9420b5cb0eea3a910 10388499 python-django_4.0.4.orig.tar.gz
d0296388cec5f526092e7f04795aa4a1535c7539 28648 python-django_4.0.4-1.debian.tar.xz
7a51edaa22a1b1ed6c292d6652f3dc771d9dd45b 7958 python-django_4.0.4-1_amd64.buildinfo
Checksums-Sha256:
5aa6ec44f076e9ef3be1722c3eb867cd234583cde8c536e389c2feefc372b9db 2782 python-django_4.0.4-1.dsc
4e8177858524417563cc0430f29ea249946d831eacb0068a1455686587df40b5 10388499 python-django_4.0.4.orig.tar.gz
4688c09e834bd8c682fb0a961e3c45c0a27496ea6858d85f83eec0de34b7d35d 28648 python-django_4.0.4-1.debian.tar.xz
e19186690f8b7e8222aa358eee776bc1d927a6ab1a6df59f09a646e4aba30d0f 7958 python-django_4.0.4-1_amd64.buildinfo
Files:
78e1ad9d2b380c738ac7f27e7ca62ca9 2782 python optional python-django_4.0.4-1.dsc
153fcb5dd7360b7ad219d65cb53e2d57 10388499 python optional python-django_4.0.4.orig.tar.gz
abf399c88ce4f1ff7bbf24be008acf29 28648 python optional python-django_4.0.4-1.debian.tar.xz
19a0770c76b09bdf42fb1a0b250dfe23 7958 python optional python-django_4.0.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
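
An application-side check for the pattern both CVEs above describe, where a dictionary from untrusted input is expanded into the keyword arguments of annotate(), aggregate() or explain(). This is an added example, not part of the announcement and not Django's fix; the alias pattern, the field and option allowlists, and the sample inputs are hypothetical application policy and constructed data.

```python
import re

# Assumption of this example: plain identifiers are all the application needs
# as SQL column aliases, so everything else is refused.
_ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")

# Hypothetical application policy (not Django's) for fields and EXPLAIN options.
ALLOWED_FIELDS = {"price", "quantity"}
ALLOWED_EXPLAIN_OPTIONS = {"analyze", "verbose", "buffers", "format"}


class UnsafeName(ValueError):
    """A caller-supplied dictionary key or field is not acceptable."""


def checked_aliases(requested):
    """Validate untrusted {alias: field} before annotate()/aggregate(**kwargs)."""
    out = {}
    for alias, field in requested.items():
        if not isinstance(alias, str) or not _ALIAS_RE.fullmatch(alias):
            raise UnsafeName(f"rejected alias {alias!r}")
        if not isinstance(field, str) or field not in ALLOWED_FIELDS:
            raise UnsafeName(f"rejected field {field!r}")
        out[alias] = field
    return out


def checked_explain_options(requested):
    """Validate untrusted option names destined for explain(**options)."""
    out = {}
    for name, value in requested.items():
        if not isinstance(name, str) or name.lower() not in ALLOWED_EXPLAIN_OPTIONS:
            raise UnsafeName(f"rejected explain option {name!r}")
        out[name.lower()] = value
    return out


def is_rejected(check, payload):
    """Return True when `check` refuses `payload`."""
    try:
        check(payload)
    except UnsafeName:
        return True
    return False


# Constructed sample inputs, standing in for parsed request parameters.
GOOD_ALIASES = {"total": "price"}
BAD_ALIASES = {'total" x': "price"}   # quote and space in the dictionary key
```

The validated mapping is what gets expanded, for instance into `F()` expressions keyed by alias; upgrading to the fixed release is still required, since this check only covers call sites that use it.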