Accepted python-django 3:4.2.6-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 05 Oct 2023 09:17:06 +0200
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.6-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
 python-django (3:4.2.6-1) unstable; urgency=high
 .
   * New upstream security release.
 .
     - CVE-2023-43665: Address a denial-of-service possibility in
       django.utils.text.Truncator.
 .
       Following the fix for CVE-2019-14232, the regular expressions used in the
       implementation of django.utils.text.Truncator’s chars() and words()
       methods (with html=True) were revised and improved. However, these
       regular expressions still exhibited linear backtracking complexity, so
       when given a very long, potentially malformed HTML input, the evaluation
       would still be slow, leading to a potential denial of service
       vulnerability.
 .
       The chars() and words() methods are used to implement the
       truncatechars_html and truncatewords_html template filters, which were
       thus also vulnerable.
 .
       The input processed by Truncator, when operating in HTML mode, has been
       limited to the first five million characters in order to avoid potential
       performance and memory issues.
 .
     <https://www.djangoproject.com/weblog/2023/oct/04/security-releases/>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----