Accepted python-django 2:3.2.13-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted python-django 2:3.2.13-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 12 Apr 2022 17:04:16 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=4YmHg39OuJ1vTkfHN/IYda1Uzr/24zzy8iF5Zel/Vmo=; b=qyS8FlHGK0WMMkOiJ7Su5P45Yk Dw8NnYerl9Y6ZW5rD817opMeo97Wvi4+OMfiUNci1uQhdIVeqkPJWLQh8IvrFbne6tIR0an6mcUT5 zuRwIGOoRiYSeTJQf7ELhjeV3PzlGGec52FeFyWXGqAYfag/n0MhgskAAnQ4p5sKgCTH1A1kE2GHR 3NSjU/AoGXESMnejNlPqJMUQlI5bul+qeBA9neU9H2LdoU9y+w5+l9MZvj6wh6VQFgl7ZIuUr9dT2 l6R2jxYZdg2K1PCHA0VOtNDNK1ANyWUL1sVd8QHyUkQ7rUFNSVyToaBhqdBbpueoipswBh5m1h2Ee kI6TyZBQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1neJw8-00037f-6m@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Apr 2022 18:22:30 +0200
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:3.2.13-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
python-django (2:3.2.13-1) unstable; urgency=high
.
* New upstream security release:
.
- CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra().
.
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
.
- CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
on PostgreSQL.
.
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
.
See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
for more info.
Checksums-Sha1:
6d0a7466579d14d93b9583910a2c9b953ed111dc 2807 python-django_3.2.13-1.dsc
3440b3d27bcd41f6a9954ab9584593ede769f41d 9813985 python-django_3.2.13.orig.tar.gz
d2435321284b5a70f22f174929d87b1a8648492d 35712 python-django_3.2.13-1.debian.tar.xz
81a85a17823e53499156da30c7a0cb446bcdfd7c 8132 python-django_3.2.13-1_amd64.buildinfo
Checksums-Sha256:
e5804ddf02f40011d1a922d7e00f6e8d1f57a86750271f9e0cbd4c6c68fbaefe 2807 python-django_3.2.13-1.dsc
6d93497a0a9bf6ba0e0b1a29cccdc40efbfc76297255b1309b3a884a688ec4b6 9813985 python-django_3.2.13.orig.tar.gz
88e639d8478ae0c1599b36c3678bc297145cac297333426e371cb86bb238e474 35712 python-django_3.2.13-1.debian.tar.xz
6cbb335ba3d4682638ab0a04f57c7feffad2300ac3aa40e9e55fed6955d8f015 8132 python-django_3.2.13-1_amd64.buildinfo
Files:
2a3eefdbda9899e3f0f4108df33bda07 2807 python optional python-django_3.2.13-1.dsc
fc8b0799ebe689fac24f13384b450c00 9813985 python optional python-django_3.2.13.orig.tar.gz
17857ec3f28c661fbcb5888fdb4bb348 35712 python optional python-django_3.2.13-1.debian.tar.xz
03174326e113599fcbbbe18da25da940 8132 python optional python-django_3.2.13-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmJVrNcACgkQHpU+J9Qx
HlizgRAAjjsxWAwWR0Pl8RLyAhuKdVh0GuanVhxkayF7NBGhtH0RlwbWe+b3t3tt
gKVzBJE/ZMZ4+4NHQYHZKlCPL3KIw7Q1IPwcIWHMDLIwEsNQLvN2C+qL1sL9QzEA
E0bljQVM2xtq238dIixs0I6BV2w+INc7i41SK70CXW44a2l7bpJLErK36qYP8EaO
wAqjeBZi/u1YHBRAobXxgPrkiuR442GNm+9O3mIEHKKgRTXJoKrAn1GiS8tH7MOe
oyjNp8FVbZjUmpHxbWrSesOZhKfHBWoK1FxeCiichM3guy+z/XF3umqfnqtOMHX3
M0jydlUKlJbzl4m7kXW2ON4qdJXNTpGaq7KQ6DZ+Vk7kSSdfOZqW4ELM3VMhv5bO
+aT7BRi0gJ7q+cbVZIlMgMXZorru8hQalegzozYzhZMX+UXZTnph3fX66VGKa7Pp
Bt6y0gNAUmbsplaemVZWCt6ch1p79+d1dv8CQvbpXmp0rcDtX3jTjcBICxieM+pk
1vZ89G9lRe1x0w6Ek+WzBz8pTzvxMq6CX7ckj7uNzgPkzcX1Pti/aeJtkQEs78Cx
AFh8x+eoRRZrRt0AOh1xS48d0CCbglIzTnU5XCa76cCUW/2e3k19Czug2uQtwA+D
sygypEDmzP+qluAAbgZqWOUtIn5tJrv+6aRwteeGvm00ThaPQeQ=
=sbzN
-----END PGP SIGNATURE-----