Accepted python-django 1:1.11.29-1+deb10u3 (source all) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted python-django 1:1.11.29-1+deb10u3 (source all) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 04 Nov 2022 13:01:38 +0000
- Debian: DAK
- Debian-architecture: source all
- Debian-archive-action: accept
- Debian-changes: python-django_1.11.29-1+deb10u3_amd64.changes
- Debian-source: python-django
- Debian-suite: oldstable
- Debian-version: 1:1.11.29-1+deb10u3
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1oqwKI-00AHWw-Ue@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 04 Nov 2022 09:35:40 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source all
Version: 1:1.11.29-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 1003113 1009677
Changes:
python-django (1:1.11.29-1+deb10u3) buster-security; urgency=high
.
* Non-maintainer upload by the Debian Long Term Security (LTS) team.
.
* CVE-2022-28346: An issue was discovered in Django 2.2 before 2.2.28, 3.2
before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and
extra() methods are subject to SQL injection in column aliases via a
crafted dictionary (with dictionary expansion) as the passed **kwargs.
(Closes: #1009677)
.
* CVE-2021-45115: An issue was discovered in Django 2.2 before 2.2.26, 3.2
before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator
incurred significant overhead in evaluating a submitted password that was
artificially large in relation to the comparison values. In a situation
where access to user registration was unrestricted, this provided a
potential vector for a denial-of-service attack. (Closes: #1003113)
.
* CVE-2021-45116: An issue was discovered in Django 2.2 before 2.2.26, 3.2
before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template
Language's variable resolution logic, the dictsort template filter was
potentially vulnerable to information disclosure, or an unintended method
call, if passed a suitably crafted key. (Closes: #1003113)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----