
Accepted python-django 1:1.11.29-1+deb10u3 (source all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 04 Nov 2022 09:35:40 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source all
Version: 1:1.11.29-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 1003113 1009677
Changes:
 python-django (1:1.11.29-1+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the Debian Long Term Security (LTS) team.
 .
   * CVE-2022-28346: An issue was discovered in Django 2.2 before 2.2.28, 3.2
     before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and
     extra() methods are subject to SQL injection in column aliases via a
     crafted dictionary (with dictionary expansion) as the passed **kwargs.
     (Closes: #1009677)
 .
   * CVE-2021-45115: An issue was discovered in Django 2.2 before 2.2.26, 3.2
     before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator
     incurred significant overhead in evaluating a submitted password that was
     artificially large in relation to the comparison values. In a situation
     where access to user registration was unrestricted, this provided a
     potential vector for a denial-of-service attack. (Closes: #1003113)
 .
   * CVE-2021-45116: An issue was discovered in Django 2.2 before 2.2.26, 3.2
     before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template
     Language's variable resolution logic, the dictsort template filter was
     potentially vulnerable to information disclosure, or an unintended method
     call, if passed a suitably crafted key. (Closes: #1003113)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

