Format: 1.8
Date: Wed, 03 Sep 2025 07:46:59 -0700
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:5.2.6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1113865
Changes:
 python-django (3:5.2.6-1) experimental; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2025-57833: Potential SQL injection in FilteredRelation column
       aliases. The FilteredRelation feature in Django was subject to a
       potential SQL injection vulnerability in column aliases that was
       exploitable via a suitably crafted dictionary with dictionary
       expansion as the **kwargs passed to QuerySet.annotate() or
       QuerySet.alias(). (Closes: #1113865)
 .
       <https://www.djangoproject.com/weblog/2025/sep/03/security-releases/>