Accepted python-django 3:3.2.19-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted python-django 3:3.2.19-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 03 May 2023 17:09:38 +0000
Message-id: <[🔎] E1puFz0-005vPy-1p@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 May 2023 09:32:59 -0700
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:3.2.19-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1035467
Changes:
 python-django (3:3.2.19-1) unstable; urgency=medium
 .
   * New upstream security release.
   * CVE-2023-31047: Prevent a potential bypass of validation when uploading
     multiple files using one form field.
 .
     Uploading multiple files using one form field has never been supported by
     forms.FileField or forms.ImageField as only the last uploaded file was
     validated. Unfortunately, Uploading multiple files topic suggested
     otherwise. In order to avoid the vulnerability, the ClearableFileInput and
     FileInput form widgets now raise ValueError when the multiple HTML
     attribute is set on them. To prevent the exception and keep the old
     behavior, set the allow_multiple_selected attribute to True.
 .
     For more details on using the new attribute and handling of multiple files
     through a single field, see:
 .
       <https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files>
 .
     (Closes: #1035467)
 .
   * Bump Standards-Version to 4.6.2.
Checksums-Sha1:
 77feaf7b11ab9338b75663c4808bc75ed253a9f6 2807 python-django_3.2.19-1.dsc
 42f62327acc78f37f69cba058232fbfd7d8c77cd 9832772 python-django_3.2.19.orig.tar.gz
 f6f403f34e4d23073ba91838fcc96dd148564566 38032 python-django_3.2.19-1.debian.tar.xz
 8cf1f34c917df81e05d357f08318bad8fe7c9595 7954 python-django_3.2.19-1_amd64.buildinfo
Checksums-Sha256:
 3b00f2009508a960f1eccae8762667b6c4b4097673bb9d50c8f007bb4e36d8a5 2807 python-django_3.2.19-1.dsc
 031365bae96814da19c10706218c44dff3b654cc4de20a98bd2d29b9bde469f0 9832772 python-django_3.2.19.orig.tar.gz
 924c91276b40c03aa3dacd397966849000599121d8e4d8398b6078eab1153698 38032 python-django_3.2.19-1.debian.tar.xz
 a8b01eb05d5feaaddd87b62baa7b4106cbf21db02a915cc316f689b3ac8f5266 7954 python-django_3.2.19-1_amd64.buildinfo
Files:
 4b3bdcee47d7b3eec43f2a9908a6c13b 2807 python optional python-django_3.2.19-1.dsc
 d84f0b8669678fea14579d7400a521e2 9832772 python optional python-django_3.2.19.orig.tar.gz
 067806366ba9dc958fcc7e98659b95a5 38032 python optional python-django_3.2.19-1.debian.tar.xz
 32d650485b0743773b1484c525b41d5d 7954 python optional python-django_3.2.19-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmRSjvUACgkQHpU+J9Qx
HlgHaA/+NaPOoLi/zC/SDsp81SOzwjHYRAUQHl+nLbKC6Xcy7B0YgI22ECMunTyk
9BZh2JlOCSTzIUO3pM/zWyIMSwRs7QqkmCfMbbJFgdM8TT8BKywBv6XT1iUXwEIM
DQ0yZwjVwXXFK+jrq/l1Ngypj+2n4/Nhwaxe6U4IguZiVHOgXx0YY/0np9AC5mYw
fdvsAAGKG6xQQIOpE95KS6NzofDj+49aue5oJ3AO4bMf+aIRdeUVN5vjaqF4NBEU
fS2/mmFqzVOExSOMfXzoq8ij2XvX9/XPPxqkp3gHDhTadp1rrlOFI8/qYxJaGV6l
jeK+Fndt7Ne3xjMS+23g79OOAfJNfckYTS7RcNw1JrtdhS761xzycR9sCYzfU+lD
mRvlocPx3QtSws8vlA8t2jGS+CPfWzBUuJW29awqUoP/HwdCEa3mC7khmOKFUboY
VQhjypKQRRb2NVpQ+4Jzw3SDNc0UTb68fgN1nRKmAyCWCF90EcamS0il40DUNX2x
mhJwS+dRABTzcR5SaTu9Eb9bCAFC7lCk4aSI9CNQUuxpa2YmLRLiKSl/F6vKSGEK
XUmMt82vhyRHpRIzuOlAg3DThTxVRszGwtjwdpk8XECPFpYJnYHq5thris9E1Y9F
Np1rbgNfVE9LA36fsUScozCAB95sVprFn0xs1aTIpxpVvkm5TVU=
=2JQv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted chromium 113.0.5672.63-2 (source) into unstable
Next by Date: Accepted python-django 3:4.2.1-1 (source) into experimental
Previous by thread: Accepted chromium 113.0.5672.63-2 (source) into unstable
Next by thread: Accepted python-django 3:4.2.1-1 (source) into experimental
Index(es):
- Date
- Thread