
Accepted python-django 3:4.2.22-1 (source) into unstable



Format: 1.8
Date: Wed, 04 Jun 2025 08:21:53 -0700
Source: python-django
Architecture: source
Version: 3:4.2.22-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1107282
Changes:
 python-django (3:4.2.22-1) unstable; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2025-48432: Potential log injection via unescaped request path.
 .
       Django's internal HTTP response logging used request.path directly,
       allowing control characters (e.g. newlines or ANSI escape sequences) to
       be written unescaped into logs. This could enable log injection or
       forgery, letting attackers manipulate log appearance or structure,
       especially in logs processed by external systems or viewed in terminals.
 .
       Although this does not directly impact Django's security model, it poses
       risks when logs are consumed or interpreted by other tools.  To fix this,
       the internal django.utils.log.log_response() function now escapes all
       positional formatting arguments using a safe encoding.
 .
       (Closes: #1107282)
 .
     <https://www.djangoproject.com/weblog/2025/jun/04/security-releases/>


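The escaping described in the changelog entry above, shown as an added example; it is not part of the original message and is not Django's own code. The helper names, the logger setup, the sample path and the choice of the unicode_escape codec as the "safe encoding" are assumptions made for illustration.

```python
import io
import logging


def escape_log_arg(value):
    """Render control characters in str arguments as visible escapes."""
    if isinstance(value, str):
        # unicode_escape turns a newline into the two characters "\n"
        # and ESC (0x1b) into the four characters "\x1b".
        return value.encode("unicode_escape").decode("ascii")
    return value  # non-str arguments (e.g. status codes) pass through


def log_unsafe(logger, message, *args):
    """'Before' behaviour: positional args reach the log verbatim."""
    logger.warning(message, *args)


def log_escaped(logger, message, *args):
    """'After' behaviour: every positional arg is escaped first."""
    logger.warning(message, *(escape_log_arg(a) for a in args))


def capture(log_func, path):
    """Log one 'Not Found' entry for path and return the raw log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("demo.%s" % log_func.__name__)
    logger.handlers = [handler]
    logger.propagate = False
    log_func(logger, "%s: %s", "Not Found", path)
    return stream.getvalue()


# Constructed sample: a path carrying a newline and an ANSI colour code.
SAMPLE_PATH = "/missing\nINFO forged entry \x1b[31m"

if __name__ == "__main__":
    print(repr(capture(log_unsafe, SAMPLE_PATH)))   # two physical log lines
    print(repr(capture(log_escaped, SAMPLE_PATH)))  # one line, escapes visible
```

Log consumers that split on newlines see two records in the first output and one in the second.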