-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 21 Aug 2024 12:08:24 +0100
Source: python-django
Architecture: source
Version: 3:3.2.19-1+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Closes: 1076069 1078074
Changes:
 python-django (3:3.2.19-1+deb12u2) bookworm; urgency=high
 .
   * Rename CVE-2023-36053.patch to 0014-CVE-2023-36053.patch
   * Backport upstream fixes in 3:4.2.14-1:
     * Closes: #1076069
     * CVE-2024-39329: Standardize timing of verify_password() when
       checking unusable passwords.
     * CVE-2024-39330: Add extra file name validation in Storage's save
       method.
     * CVE-2024-39614: Mitigate potential DoS in
       get_supported_language_variant.
     * The patch for CVE-2024-38875 won't sensibly backport.
   * Backport upstream fixes in 3:4.2.15-1:
     * Closes: #1078074
     * CVE-2024-41989: Prevent excessive memory consumption in floatformat.
     * CVE-2024-41991: Prevente potential ReDoS in django.utils.html.urlize()
       and AdminURLFieldWidget.
     * CVE-2024-42005: Mitigate QuerySet.values() SQL injection attacks against JSON fields
       Backport and tweak the upstream fix series to fit into 3.2.
     * The patch for CVE-2024-41990 won't sensibly backport.
Checksums-Sha1:
 df8a6b32878dc0bfad9dbb2c01848fed26b51af9 2864 python-django_3.2.19-1+deb12u2.dsc
 c172c32184f8dd1e3fa9d5373fd2d3d93181bc5e 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz
 80c61eae4d36cdc38999c6ac345d3626dfe7b201 14089 python-django_3.2.19-1+deb12u2_source.buildinfo
Checksums-Sha256:
 6965317a38ababa6ecac1d731c5c5eb7c186e59906da4013300a8a0bf3cc7809 2864 python-django_3.2.19-1+deb12u2.dsc
 6bc87771c69baa09c64b2ca7918470f55a12f4fcbab0f30b004a8b383bc2e11b 48884 python-django_3.2.19-1+deb12u2.debian.tar.xz
 34f194b448ee46fcf03e7db7cd3c47dd04ce8a632fb90dd72def44eb6b601e63 14089 python-django_3.2.19-1+deb12u2_source.buildinfo
Files:
 8cd1dd7e7b430b871d74936f4bc51a3f 2864 python optional python-django_3.2.19-1+deb12u2.dsc
 7877957da3f282b1dce79bbdc1b90df7 48884 python optional python-django_3.2.19-1+deb12u2.debian.tar.xz
 b63403ce4e5576491f3d3e61ba688a63 14089 python optional python-django_3.2.19-1+deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmbIb6MRHDkzc2FtQGRl
Ymlhbi5vcmcACgkQWHl5VzRCaE7yBg//SixN+DRgxb/0QUTcav3HLwp/g75VlFWp
FR4brrdjgMozLXNRUsRqn7zsH0MiN7UvllvW5c0F+du547bFZG2OlvtrO/y/q3j4
Nf3OsMCgakkNHCuaZ2kvZXy6vV5FSAhlhD8dPC5ndt5GrbmtK4oWTogSOXkHa9N3
HbFc8SdVMubrfOFCAY17xyTDoKSKM5+rssHbLtKCS7bFtccWgZqBQ5ZKTsSZn4si
hSkJBM7ku/OscnLzf8lHX/15NSx+25ZrI4lOiqSqIS/T9DKp4AbX7KRXZqnRR8fm
ZhiyzkBI4CkJK6HmBPIP7zMtxHTQ+Smz5C2ubfZ0JnHThkawOGSsg/lowFjeezSx
Ldylj5QST3R8Zyc/91P7X2MVbmUVM8CKWLBHMxu40wE97bT2EehSjuLmlvf5ey7O
8vFz5IBqZgu7QOzWUxQ/1ytR/K4/xKNy0e3e2uoplN8Pe/oFDlkP2JBkhh8UMJnY
iSPPVR3Z6VUww3gc/TJlWX3y8TrYAqAyuuZUgCiVXbQuOPCqzZDS0SNwOszhi6cN
G+msHZPwjQTF/HauSBV8VB/PNufIYsBlB3uWseqrnbhs08+lVDsaQKtCDuGrr6/I
AEA0IoPWd4GtIMQTv/Vfxnfd88b5N1dZwsr1p0RCik4qjcasKyub50JGthJ7MKhL
L8QdZX/0ISY=
=Khoa
-----END PGP SIGNATURE-----