Accepted python-django 2:4.0.6-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 05 Jul 2022 12:38:15 +0100
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.6-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (2:4.0.6-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2022-34265: Potential SQL injection via Trunc(kind) and
       Extract(lookup_name) arguments.
 .
       "Trunc() and Extract() database functions were subject to SQL injection if
       untrusted data was used as a kind/lookup_name value. Applications that
       constrain the lookup name and kind choice to a known safe list are
       unaffected."
 .
       "This security release mitigates the issue, but we have identified
       improvements to the Database API methods related to date extract and
       truncate that would be beneficial to add to Django 4.1 before its final
       release. This will impact 3rd party database backends using Django 4.1
       release candidate 1 or newer, until they are able to update to the API
       changes. We apologize for the inconvenience."
 .
       <https://www.djangoproject.com/weblog/2022/jul/04/security-releases/>
 .
   * Refresh patches.
