Accepted python-django 2:4.0.4-1 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Apr 2022 18:13:56 +0200
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:4.0.4-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
python-django (2:4.0.4-1) experimental; urgency=high
.
* New upstream security release:
.
- CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
aggregate(), and extra().
.
QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.
.
- CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
on PostgreSQL.
.
QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.
.
See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
for more info.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
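
Added example, not part of the upload notice and not Django's own code: both CVEs above share one sink, a request-controlled dictionary expanded with ** so that its keys become column aliases (annotate(), aggregate(), extra()) or option names (explain()). The sketch below is an application-side guard for that pattern; checked_kwargs, screen, the allowlists and the sample payloads are hypothetical names constructed for this example.

```python
import re

# Assumption: only plain identifiers are accepted. This is an application-side
# guard and is stricter than whatever the patched Django release rejects.
_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Hypothetical per-call-site allowlists (names constructed for this example).
ANNOTATE_ALIASES = frozenset({"total", "order_count"})
EXPLAIN_OPTIONS = frozenset({"analyze", "verbose"})


class UntrustedKeyError(ValueError):
    """A request-supplied key may not be used as a keyword argument."""


def checked_kwargs(untrusted, allowed):
    """Return a copy of `untrusted` whose keys are safe to expand with **.

    untrusted: dict whose keys came from a request (JSON body, query string).
    allowed:   names this call site is willing to accept.
    """
    safe = {}
    for key, value in untrusted.items():
        if not isinstance(key, str) or not _IDENTIFIER.fullmatch(key):
            raise UntrustedKeyError(f"not a plain identifier: {key!r}")
        if key not in allowed:
            raise UntrustedKeyError(f"not an allowed name: {key!r}")
        safe[key] = value
    return safe


def screen(samples, allowed):
    """Return one 'accept' or 'reject: <reason>' verdict per sample dict."""
    verdicts = []
    for sample in samples:
        try:
            checked_kwargs(sample, allowed)
            verdicts.append("accept")
        except UntrustedKeyError as exc:
            verdicts.append(f"reject: {exc}")
    return verdicts


# Constructed request payloads: one expected key, one key carrying SQL
# metacharacters, one well-formed name the call site never asked for.
SAMPLES = [{"total": 1}, {'total" --': 1}, {"password": 1}]
# Intended use (needs Django, so left as a comment):
#   qs.annotate(**checked_kwargs(expressions_by_alias, ANNOTATE_ALIASES))
#   qs.explain(**checked_kwargs(options, EXPLAIN_OPTIONS))
```

The guard complements the upgrade to the fixed release and does not replace it; it also keeps unexpected but well-formed names out of the query.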