Accepted python-django 3:4.2.1-1 (source) into experimental
- To: debian-devel-changes@lists.debian.org, debian-experimental-changes@lists.debian.org
- Subject: Accepted python-django 3:4.2.1-1 (source) into experimental
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 03 May 2023 17:10:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: python-django_4.2.1-1_amd64.changes
- Debian-source: python-django
- Debian-suite: experimental
- Debian-version: 3:4.2.1-1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1puFzV-005vSO-1B@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 03 May 2023 09:13:17 -0700
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.1-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1035467
Changes:
python-django (3:4.2.1-1) experimental; urgency=high
.
* New upstream security release.
* CVE-2023-31047: Prevent a potential bypass of validation when uploading
multiple files using one form field.
.
Uploading multiple files using one form field has never been supported by
forms.FileField or forms.ImageField as only the last uploaded file was
validated. Unfortunately, the "Uploading multiple files" topic suggested
otherwise. In order to avoid the vulnerability, the ClearableFileInput and
FileInput form widgets now raise ValueError when the multiple HTML
attribute is set on them. To prevent the exception and keep the old
behavior, set the allow_multiple_selected attribute to True.
.
For more details on using the new attribute and handling of multiple files
through a single field, see:
.
<https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files>
.
(Closes: #1035467)
.
* Refresh patches.
Checksums-Sha1:
b1dfd7e655318e4ec40671eb875cbdd3a0dfc955 2782 python-django_4.2.1-1.dsc
8f7818eea7f091ff0deec68ade8b45cb47b0c6a2 10420051 python-django_4.2.1.orig.tar.gz
127ffdff3944fc2e2affb51af400656a77d68d1b 28632 python-django_4.2.1-1.debian.tar.xz
1572d024b933bea439f77a473c0ddfa6902755be 7782 python-django_4.2.1-1_amd64.buildinfo
Checksums-Sha256:
39206f42bc826adefc66e7bf0962fa788aee77b3d32101ded2a73495af38e92c 2782 python-django_4.2.1-1.dsc
7efa6b1f781a6119a10ac94b4794ded90db8accbe7802281cd26f8664ffed59c 10420051 python-django_4.2.1.orig.tar.gz
e3721d135b60f20c3e3132ad592eba7b8819bfda599ce5eb86484ad7aa0a845f 28632 python-django_4.2.1-1.debian.tar.xz
a81c91f703b23ffd05cb98e1c077dfd5b371578cd68073fcd91c954e9f50785f 7782 python-django_4.2.1-1_amd64.buildinfo
Files:
ebfbaf5d60d73ee29fb4b09f4b3b37b9 2782 python optional python-django_4.2.1-1.dsc
8a047b5d96d7a2b7a173f56ca9869e8a 10420051 python optional python-django_4.2.1.orig.tar.gz
ac54ded14904ad42a8a9f4d9991be0f1 28632 python optional python-django_4.2.1-1.debian.tar.xz
79874c1775b3b247d26ac66cae923fd1 7782 python optional python-django_4.2.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----