
Accepted python-django 2:3.2.9-2~bpo11+1 (source all) into bullseye-backports, bullseye-backports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 18 Nov 2021 07:45:59 -0800
Source: python-django
Binary: python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 2:3.2.9-2~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework
Closes: 946937 947549 953102 968577 969367 983090 983618 986447 988053 988136 989394 991098 996931
Changes:
 python-django (2:3.2.9-2~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 python-django (2:3.2.9-2) unstable; urgency=medium
 .
   * Team upload.
   * Fix __in lookup crash when combining with filtered aggregates.
     Fix for: https://code.djangoproject.com/ticket/32690
     This issue affects src:lava, where work is being done towards Django 3.2
     compatibility.
     Upstream patch from:
     https://github.com/django/django/commit/136ff592ad8aa8b7fa1e61435e5501cc98ce8573
   * Add Breaks: on lava-server << 2021.11 (Closes: #996931)
   * Add Breaks: on python-django-pyscss << 2.0.2-10 (Closes: #983618)
 .
 python-django (2:3.2.9-1) unstable; urgency=medium
 .
   * New upstream release.
     <https://docs.djangoproject.com/en/3.2/releases/3.2.9/>
 .
 python-django (2:3.2.8-1) unstable; urgency=medium
 .
   * New upstream bugfix release.
   * Drop a patch applied upstream.
   * Bump Standards-Version to 4.6.0.
 .
 python-django (2:3.2.7-4) unstable; urgency=medium
 .
   * Skip a test that is fixed upstream (with a number of overlapping patches).
 .
 python-django (2:3.2.7-3) unstable; urgency=medium
 .
   * Actually upload 3.2 branch to unstable...
 .
 python-django (2:3.2.7-2) experimental; urgency=medium
 .
   * Upload 3.2 branch to unstable.
 .
 python-django (2:3.2.7-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
 .
 python-django (2:3.2.6-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://docs.djangoproject.com/en/3.2/releases/3.2.6/>
   * Bump Standards-Version to 4.5.1.
 .
 python-django (2:3.2.5-2) experimental; urgency=medium
 .
   * Don't symlink /usr/bin/django-admin to "django-admin.py"; ship the script
     generated by the entry_points system instead, otherwise we introduce a
     confusing "django-admin.py" deprecation message when using "django-admin".
     (Closes: #991098)
 .
 python-django (2:3.2.5-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-35042: Potential SQL injection via unsanitized
       QuerySet.order_by() input.
 .
       Unsanitized user input passed to QuerySet.order_by() could bypass
       intended column reference validation in path marked for deprecation
       resulting in a potential SQL injection even if a deprecation warning is
       emitted. As a mitigation, the strict column reference validation was
       restored for the duration of the deprecation period. This regression
       appeared in Django version 3.1 as a side effect of fixing another bug
       (#31426).
 .
     For more information, please see:
     <https://www.djangoproject.com/weblog/2021/jul/01/security-releases/>
 .
 python-django (2:3.2.4-1) experimental; urgency=medium
 .
   * New upstream security release. (Closes: #989394)
 .
     - CVE-2021-33203: Potential directory traversal via admindocs
 .
       Staff members could use the admindocs TemplateDetailView view to
       check the existence of arbitrary files. Additionally, if (and only
       if) the default admindocs templates have been customized by the
       developers to also expose the file contents, then not only the
       existence but also the file contents would have been exposed.
 .
       As a mitigation, path sanitation is now applied and only files
       within the template root directories can be loaded.
 .
       This issue has low severity, according to the Django security
       policy.
 .
       Thanks to Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen from
       the CodeQL Python team for the report.
 .
     - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
       since validators accepted leading zeros in IPv4 addresses
 .
       URLValidator, validate_ipv4_address(), and
       validate_ipv46_address() didn't prohibit leading zeros in octal
       literals. If you used such values you could suffer from
       indeterminate SSRF, RFI, and LFI attacks.
 .
       validate_ipv4_address() and validate_ipv46_address() validators
       were not affected on Python 3.9.5+.
 .
       This issue has medium severity, according to the Django security
       policy.
 .
   * Bump Standards-Version to 4.5.1.
 .
 python-django (2:3.2.3-1) experimental; urgency=medium
 .
   * New upstream release.
     <https://docs.djangoproject.com/en/3.2/releases/3.2.3/>
 .
 python-django (2:3.2.2-1) experimental; urgency=medium
 .
   * New upstream security release:
     - CVE-2021-32052: Header injection possibility since URLValidator accepted
       newlines in input on Python 3.9.5+. (Closes: #988136)
     - Full release notes:
       <https://www.djangoproject.com/weblog/2021/may/06/security-releases/>
 .
 python-django (2:3.2.1-1) experimental; urgency=medium
 .
   * New upstream security release:
     - CVE-2021-31542: Potential directory-traversal via uploaded files.
       (Closes: #988053)
     - Full release notes:
       <https://www.djangoproject.com/weblog/2021/may/04/security-releases/>
   * Refresh patches.
 .
 python-django (2:3.2-1) experimental; urgency=medium
 .
   * New upstream major release:
 .
     - Full release notes: <https://docs.djangoproject.com/en/3.2/releases/3.2/>
     - CVE-2021-28658: The MultiPartParser class allowed directory-traversal
       via uploaded files via maliciously crafted filenames. (Closes: #986447)
 .
 python-django (2:3.2~rc1-1) experimental; urgency=medium
 .
   * New upstream release candidate.
     <https://www.djangoproject.com/weblog/2021/mar/18/django-32-rc1/#s-id5>
   * Refresh patches.
 .
 python-django (2:3.2~beta1-1) experimental; urgency=medium
 .
   * New upstream beta release.
     <https://www.djangoproject.com/weblog/2021/feb/19/django-32-beta-1-released/>
   * Apply wrap-and-sort -sa.
 .
 python-django (2:3.2~alpha1-2) experimental; urgency=medium
 .
   * Apply security fix from upstream:
 .
     - CVE-2021-23336: Prevent a web cache poisoning attack via "parameter
       cloaking". Django contains a copy of urllib.parse.parse_qsl() which was
       added to backport some security fixes. A further security fix has been
       issued recently such that parse_qsl() no longer allows using ";" as a
       query parameter separator by default. (Closes: #983090)
 .
     <https://www.djangoproject.com/weblog/2021/feb/19/security-releases/>
 .
 python-django (2:3.2~alpha1-1) experimental; urgency=medium
 .
   * New upstream alpha release.
     <https://www.djangoproject.com/weblog/2021/jan/19/django-32-alpha-1-released/>
   * Refresh patches.
   * Drop no-upstream-changelog overrides; removed from Lintian.
 .
 python-django (2:3.1.5-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://docs.djangoproject.com/en/3.1/releases/3.1.5/>
 .
 python-django (2:3.1.4-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://docs.djangoproject.com/en/3.1/releases/3.1.4/>
   * Bump Standards-Version to 4.5.1.
 .
 python-django (2:3.1.3-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://docs.djangoproject.com/en/stable/releases/3.1.3/>
 .
 python-django (2:3.1.2-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://www.djangoproject.com/weblog/2020/oct/01/django-bugfix-release-312/>
   * Update Maintainer field with new Debian Python Team contact address.
   * Update Vcs-* fields with new Debian Python Team Salsa layout.
 .
 python-django (2:3.1.1-1) experimental; urgency=medium
 .
   * New upstream security release to address CVE-2020-24583, CVE-2020-24584.
     (Closes: #969367)
     <https://www.djangoproject.com/weblog/2020/sep/01/security-releases/>
 .
 python-django (2:3.1-2) experimental; urgency=medium
 .
   * Set the PYTHONPATH in the autopkgtests in the same way that we do in
     debian/rules. (Closes: #968577)
 .
 python-django (2:3.1-1) experimental; urgency=medium
 .
   * New upstream release.
     <https://docs.djangoproject.com/en/3.1/releases/3.1/>
 .
 python-django (2:3.1~rc1-1) experimental; urgency=medium
 .
   * New upstream release candidate release.
     <https://www.djangoproject.com/weblog/2020/jul/20/django-31-release-candidate-1-released/>
 .
 python-django (2:3.1~beta1-1) experimental; urgency=medium
 .
   * New upstream beta release.
     <https://www.djangoproject.com/weblog/2020/jun/15/django-31-beta-1-released/>
   * Refresh patches.
 .
 python-django (2:3.0.7-2) experimental; urgency=medium
 .
   * Fix a regression in the handling of CVE-2020-13596.
   * Refresh patches.
 .
 python-django (2:3.0.7-1) experimental; urgency=medium
 .
   * New upstream security release.
     <https://www.djangoproject.com/weblog/2020/jun/03/security-releases/>
 .
 python-django (2:3.0.6-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://docs.djangoproject.com/en/3.0/releases/3.0.6/>
 .
 python-django (2:3.0.5-1) experimental; urgency=medium
 .
   * New upstream release.
     <https://docs.djangoproject.com/en/3.0/releases/3.0.5/>
   * Refresh all patches.
 .
 python-django (2:3.0.4-1) experimental; urgency=medium
 .
   * New upstream security release. (Closes: #953102)
     <https://www.djangoproject.com/weblog/2020/mar/04/security-releases/>
   * Bump Standards-Version to 4.5.0.
   * Refresh debian/patches/0004-Use-locally-installed-documentation-sources.patch.
 .
 python-django (2:3.0.2-1) experimental; urgency=medium
 .
   * New upstream bugfix release.
     <https://www.djangoproject.com/weblog/2020/jan/02/django-bugfix-release-302/>
   * Add python3-selenium to test-dependencies and to a runtime "Suggests".
     (Closes: #947549)
 .
 python-django (2:3.0.1-1) experimental; urgency=medium
 .
   * New upstream security release.
     <https://www.djangoproject.com/weblog/2019/dec/18/security-releases/>
     (Closes: #946937)
 .
 python-django (2:3.0-1) experimental; urgency=medium
 .
   * New upstream release.
     <https://www.djangoproject.com/weblog/2019/dec/02/django-3-released/>
 .
 python-django (2:3.0~rc1-1) experimental; urgency=medium
 .
   * New upstream release candidate release.
     <https://www.djangoproject.com/weblog/2019/nov/18/django-30-release-candidate-1-released/>
 .
 python-django (2:3.0~beta1-1) experimental; urgency=medium
 .
   * New upstream beta release.
     <https://www.djangoproject.com/weblog/2019/oct/14/django-30-beta-1-released/>
   * Bump Standards-Version to 4.4.1.
   * wrap-and-sort -sa.
 .
 python-django (2:3.0~alpha1-1) experimental; urgency=medium
 .
   * New upstream alpha release.
     <https://www.djangoproject.com/weblog/2019/sep/10/django-30-alpha-1-released/>
   * Refresh all patches.
   * Add asgiref to build and runtime dependencies.
   * Update debian/copyright.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
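
The CVE-2021-33571 entry in the changelog above says the validators accepted leading zeros in IPv4 octets. The following added example (not part of the upload announcement and not Django's own code) shows why that matters: two readers of the same string can resolve different hosts, and a strict check rejects such input. All function names and sample addresses are hypothetical and constructed for illustration.

```python
import re

# Hypothetical helper names; sample addresses below are constructed.
_OCTET = r"(?:0|[1-9][0-9]{0,2})"          # decimal, no leading zero
_STRICT_V4 = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")

def parse_decimal(addr):
    """Reader that treats every octet as base 10: '010' -> 10."""
    return tuple(int(p, 10) for p in addr.split("."))

def parse_inet_aton_style(addr):
    """Reader using the classic inet_aton() convention:
    leading '0x' is hex, any other leading '0' is octal: '010' -> 8."""
    octets = []
    for p in addr.split("."):
        if p.lower().startswith("0x"):
            octets.append(int(p, 16))
        elif len(p) > 1 and p.startswith("0"):
            octets.append(int(p, 8))
        else:
            octets.append(int(p, 10))
    return tuple(octets)

def is_ambiguous(addr):
    """True when the two readers resolve different hosts, or one rejects."""
    try:
        return parse_decimal(addr) != parse_inet_aton_style(addr)
    except ValueError:
        return True

def is_strict_ipv4(addr):
    """Accept only canonical dotted-quad: 4 octets, 0-255, no leading zeros."""
    if not _STRICT_V4.fullmatch(addr):
        return False
    return all(int(p) <= 255 for p in addr.split("."))

def audit(addresses):
    """Return (address, strict_ok, ambiguous) for each candidate."""
    return [(a, is_strict_ipv4(a), is_ambiguous(a)) for a in addresses]

if __name__ == "__main__":
    for row in audit(["10.0.0.1", "010.0.0.1", "192.168.001.1", "256.1.1.1"]):
        print(row)
```

An allow-list or deny-list decision made on the output of one reader is only sound if the component that later opens the connection parses the address the same way, which is why rejecting non-canonical input at validation time is the safer choice.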

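
The CVE-2021-23336 entry above concerns ";" being accepted as a query parameter separator. The following added example (not part of the upload announcement; it uses the standard library's `urllib.parse.parse_qsl`, not Django's bundled copy) models the disagreement between a component that splits only on "&" and one that also splits on ";". The cache model, the `utm_content` parameter and the sample query string are constructed assumptions, and the default `parse_qsl` behaviour shown assumes a Python version that includes the fix.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

def legacy_parse(qs):
    """Emulates the pre-fix behaviour: both '&' and ';' separate pairs."""
    pairs = []
    for field in re.split(r"[&;]", qs):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs

def current_parse(qs):
    """Post-fix behaviour: only '&' separates pairs by default."""
    return parse_qsl(qs, keep_blank_values=True)

def cache_key(qs, unkeyed=("utm_content",)):
    """Constructed model of a cache that splits on '&' only and ignores
    parameters it treats as irrelevant to the response (hypothetical)."""
    kept = [(k, v) for k, v in current_parse(qs) if k not in unkeyed]
    return tuple(sorted(kept))

def effective_value(pairs, name):
    """Last-one-wins lookup, as many frameworks resolve duplicates."""
    found = [v for k, v in pairs if k == name]
    return found[-1] if found else None

def parsers_disagree(qs):
    """Detection check: flag requests the two parsers read differently."""
    return legacy_parse(qs) != current_parse(qs)

# Constructed sample request query string.
SAMPLE = "page=1&utm_content=x;page=2"

if __name__ == "__main__":
    print("cache key      :", cache_key(SAMPLE))
    print("legacy backend :", effective_value(legacy_parse(SAMPLE), "page"))
    print("fixed backend  :", effective_value(current_parse(SAMPLE), "page"))
    print("disagreement   :", parsers_disagree(SAMPLE))
```

With the legacy parser the backend serves `page=2` while the cache files the response under the key for `page=1`; after the fix both sides read `page=1`, so the stored response matches its key.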
