Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django4 for openSUSE:Factory checked in at 2025-12-09 12:51:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django4 (Old) and /work/SRC/openSUSE:Factory/.python-Django4.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django4" Tue Dec 9 12:51:58 2025 rev:18 rq:1321590 version:4.2.27 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django4/python-Django4.changes 2025-11-06 18:18:34.465064150 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django4.new.1939/python-Django4.changes 2025-12-09 12:57:21.133606207 +0100 @@ -1,0 +2,11 @@ +Mon Dec 8 12:25:26 UTC 2025 - Markéta Machová <[email protected]> + +- Update to 4.2.27 (bsc#1254437) + * CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases + on PostgreSQL + * CVE-2025-64460: Potential denial-of-service vulnerability in XML Deserializer + * Fixed a regression in Django 4.2.26 where DisallowedRedirect was raised by + HttpResponseRedirect and HttpResponsePermanentRedirect for URLs longer than 2048 + characters. The limit is now 16384 characters + +------------------------------------------------------------------- Old: ---- Django-4.2.26.checksum.txt django-4.2.26.tar.gz New: ---- Django-4.2.27.checksum.txt django-4.2.27.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django4.spec ++++++ --- /var/tmp/diff_new_pack.BWX4B0/_old 2025-12-09 12:57:22.273654262 +0100 +++ /var/tmp/diff_new_pack.BWX4B0/_new 2025-12-09 12:57:22.277654431 +0100 @@ -29,7 +29,7 @@ %{?sle15_python_module_pythons} Name: python-Django4 # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 4.2.26 +Version: 4.2.27 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-4.2.26.checksum.txt -> Django-4.2.27.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django4/Django-4.2.26.checksum.txt 2025-11-06 18:18:34.381060598 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django4.new.1939/Django-4.2.27.checksum.txt 2025-12-09 12:57:21.009600980 +0100 @@ -2,7 +2,7 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 4.2.26, released November 5, 2025. +source-code tarball and wheel files of Django 4.2.27, released December 2, 2025. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have @@ -19,7 +19,7 @@ Once the key is imported, verify this file: - gpg --verify Django-4.2.26.checksum.txt + gpg --verify Django-4.2.27.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,41 +28,40 @@ Release packages ================ -https://www.djangoproject.com/download/4.2.26/tarball/ -https://www.djangoproject.com/download/4.2.26/wheel/ +https://www.djangoproject.com/download/4.2.27/tarball/ +https://www.djangoproject.com/download/4.2.27/wheel/ MD5 checksums ============= -7a756599abea23cd9208e1c736739bdb django-4.2.26.tar.gz -93c99abba363de24d55bf1ca45ca7216 django-4.2.26-py3-none-any.whl +45431b7954d12014c88cd9f66cfefb2c django-4.2.27.tar.gz +a8dd376cdcd926492f2f1e9541333aa9 django-4.2.27-py3-none-any.whl SHA1 checksums ============== -879a7dd2f0d2db3ba7c9618e84dc267e5aa362db django-4.2.26.tar.gz -8f6c2d8a0aaec238c47be7ccdec34053013a87ed django-4.2.26-py3-none-any.whl +5c2da0b170d051f5e29bffd29e02a36e13068e22 django-4.2.27.tar.gz +c37d0e7279905bf99954562dd93b08f395948d4c django-4.2.27-py3-none-any.whl SHA256 checksums ================ -9398e487bcb55e3f142cb56d19fbd9a83e15bb03a97edc31f408361ee76d9d7a django-4.2.26.tar.gz -c96e64fc3c359d051a6306871bd26243db1bd02317472a62ffdbe6c3cae14280 django-4.2.26-py3-none-any.whl +b865fbe0f4a3d1ee36594c5efa42b20db3c8bbb10dff0736face1c6e4bda5b92 django-4.2.27.tar.gz +f393a394053713e7d213984555c5b7d3caeee78b2ccb729888a0774dff6c11a8 django-4.2.27-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmkLSZEoHDEyNDMwNCtu -ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPuPVD/0e -GbxD+pq6P3AgHsQb40ZgGfTmSScXKO6ndMFBFTqdGIyqAcy1wufHhPq4q3Lpdq1P -GvDYBWp9iecxr5YYmELc/42EMhN8BclaEG9SvQSIUF2uLik+6P0AUp3f1g+zlf0u -cwqrY2AGlsOS8geHImqoo24f3pmyzqf5URg1IgABKRiM4XW3a1yS1HWq0YFyRPei -uzAmq7PUPA5C+lCsUuJ1GkhNwrmeU/lwCCXmZxwSIAD6i7/yod7Uwz+TpC3MzQoy -InB999H1/orwRR/zCMfQsCIsWI2omcwirAnwYn/8FK03zW/SHZOFxlpWWkRQNOXq -vdFOFAO7KTRKPnIyceaOxItyNrlxDFWCvSuvviyIvsvilGCYtcqPUCNP4SaAZMvn -GWEMKATkB487rv2R2lisWc/3wqc9vtyzDrVQTprkvdLv4OJCmyfFJcMwB3/j+cbp -P7ML+pqlu2J3uPFAibtYaGODeVi1QSMI/he+ayFU84Ak/RMzKQFc5UaoPj4nVeUi -M7poZG0d8+N6erUaMFIh0WJlVvw22Y8OB2obRE0R1rj3uiMHx7F699tE+uAI2Rzc -nDW4EJHGugkC4OAPbjiRdYWLFu9VH1qiSM0Ui+mZpC8HFL273enkXY9oYQYBimTz -07zJBw+Oa3Bq3vhDvY1P2HbifWR8d+j7FKniVyijGw== -=c5nG +iQIzBAEBCAAdFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmku374ACgkQLugqjZRw +mD4TeQ//SjwkxlIZQ8PF0FYjCbLbM0QgDWDKgycOfG9VIIjw9L5oYbKDoXXHrrNG +or0CDncA/X9+rdCH2NhTffkCJj8FCNXevA+ie1rp1p9pl7HF60jFNyltvBCZcIGr +rwu3qZPNBpTPl0LBELY12BLosZcpspnZCH/zCL+hwejV/H7QVWuc6xgOYt10gMeb +YCTUdWMchW1gxM32N20YLiYVk0zCds1e3AMmScHItYTvo+0ZspNYFBISmQ0f5hAe +AO2FMakHAGY2goBtwcZAQxdcVbJJ9yH2iwg0PeHswD8HKCQ69ndzlXyEiSK0bL2w +c9l+Qba+A1CEe7+FFWWo/h+TLL0ROBOY/IdwpaOeVcHfpAaxms43tqiGu+BO27kO +lbtW95JQ5q0mMNkC16lpt6r1gC3brYA9X/yQPJdh3P9J4bAaf1Ab8V1QT3lfx0Ig +0gh2NjOblU/egT7lqMrUNLeEiBBbdsfR5aOzr4dWVau+DZ3m8iqCsuly8e0r9JNp +geeNMuU0PlbOPR73ubgBd4gyDHcDM4B35phea+eXTv7+lLuc9DYL+/k5iBOjj+S5 +lEYONtuFMJr3CEx9rY88SHS6szotCoCPa3qg47GZR9hsESRrekAQiKZNcBLoUTi/ +Ov0+JVT2GFx9+vT2pC7fmbqduIsA7OQYTnryFCVFA7Tx2sBnOQw= +=n6ph -----END PGP SIGNATURE----- ++++++ django-4.2.26.tar.gz -> django-4.2.27.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django4/django-4.2.26.tar.gz /work/SRC/openSUSE:Factory/.python-Django4.new.1939/django-4.2.27.tar.gz differ: char 5, line 1
