Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django4 for openSUSE:Factory checked in at 2026-04-09 16:09:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django4 (Old) and /work/SRC/openSUSE:Factory/.python-Django4.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django4" Thu Apr 9 16:09:36 2026 rev:4 rq:1345434 version:4.2.30 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django4/python-Django4.changes 2026-04-08 17:17:22.015957878 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django4.new.21863/python-Django4.changes 2026-04-09 16:22:42.029467326 +0200 @@ -1,0 +2,15 @@ +Thu Apr 9 06:43:44 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 4.2.30 + * CVE-2026-3902: ASGI header spoofing via underscore/hyphen + conflation (bsc#1261729) + * CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin + (bsc#1261731) + * CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable + (bsc#1261732) + * CVE-2026-33033: Potential denial-of-service vulnerability in + MultiPartParser via base64-encoded file upload (bsc#1261722) + * CVE-2026-33034: Potential denial-of-service vulnerability in + ASGI requests via memory upload limit bypass (bsc#1261724) + +------------------------------------------------------------------- Old: ---- Django-4.2.29.checksum.txt django-4.2.29.tar.gz New: ---- Django-4.2.30.checksum.txt django-4.2.30.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django4.spec ++++++ --- /var/tmp/diff_new_pack.ICNEl7/_old 2026-04-09 16:22:42.897502943 +0200 +++ /var/tmp/diff_new_pack.ICNEl7/_new 2026-04-09 16:22:42.897502943 +0200 @@ -29,7 +29,7 @@ %{?sle15_python_module_pythons} Name: python-Django4 # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 4.2.29 +Version: 4.2.30 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-4.2.29.checksum.txt -> Django-4.2.30.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django4/Django-4.2.29.checksum.txt 2026-03-04 21:10:41.270011702 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django4.new.21863/Django-4.2.30.checksum.txt 2026-04-09 16:22:40.949423010 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 4.2.29, released March 3, 2026. +source-code tarball and wheel files of Django 4.2.30, released April 7, 2026. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``2EE82A8D9470983E`` and can be imported from the MIT +the ID ``131403F4D16D8DC7`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E + gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 or via the GitHub API: - curl https://github.com/nessita.gpg | gpg --import - + curl https://github.com/jacobtylerwalls.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-4.2.29.checksum.txt + gpg --verify Django-4.2.30.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,40 +28,40 @@ Release packages ================ -https://www.djangoproject.com/download/4.2.29/tarball/ -https://www.djangoproject.com/download/4.2.29/wheel/ +https://www.djangoproject.com/download/4.2.30/tarball/ +https://www.djangoproject.com/download/4.2.30/wheel/ MD5 checksums ============= -8fa52c7ec011ebaa7fcf6fba78561346 django-4.2.29.tar.gz -b92fcf3eef0114f52ee8f3fc766de6a2 django-4.2.29-py3-none-any.whl +b85ae58022eb81ba8bcef7027872019f django-4.2.30.tar.gz +6e50eb4904c334d9a6c731a31a54dc64 django-4.2.30-py3-none-any.whl SHA1 checksums ============== -fa2d7682f482f2d86b10f4ce2b7c0a8b0d382cc0 django-4.2.29.tar.gz -c6dc4a23516266344e89f69bb9d1b2cbe09d4f11 django-4.2.29-py3-none-any.whl +8cec07a43d7dbb469cd94c9e4776941c75e3bbcf django-4.2.30.tar.gz +f36bc6c73306f6434a014cf7b204f3a220d86bd8 django-4.2.30-py3-none-any.whl SHA256 checksums ================ -86d91bc8086569c8d08f9c55888b583a921ac1f95ed3bdc7d5659d4709542014 django-4.2.29.tar.gz -074d7c4d2808050e528388bda442bd491f06def4df4fe863f27066851bba010c django-4.2.29-py3-none-any.whl +4ebc7a434e3819db6cf4b399fb5b3f536310a30e8486f08b66886840be84b37c django-4.2.30.tar.gz +4d07aaf1c62f9984842b67c2874ebbf7056a17be253860299b93ae1881faad65 django-4.2.30-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmmm0zcACgkQLugqjZRw -mD45KA//b5YP/GYtIB98Opt/uWclwb1T3KlSIDsw5YrS1+iovYc1nHbxV5VD1pWX -BKvKL8XFJWrDc8EYsqDX15LmXPuN2LH3f4jDbXFiCT1EgxW1wal3JDgs4/hsoBEk -5GwQtcElzzEAUIWWGuQjrY2koTrfAUJeJxTWXhPyUwZvmVukwgreb3rPy8bT4/Qi -3eCPC+BDbD88KkzeRbctsnidpxIvrVFv+W/JB9fmAbRBiIsIXzY3urX0BCIkv8ix -gDPFoAKWAovICS8YXyZsSolYYKCsVsUgwmhbAJZrIzVyGjvGMpiC312kQn081yYj -5tGXAwrQ4kmOHLjt3gciQr5uYRyTRkC6zrVfTP6IZmpvcngxi/V0ks/in/eliAmW -WtHSEyboqSgAmThti6rfEwqWQLXXKi1Q91cu1imeRyCoMIhHFxZuZ0diWfQRY0b/ -BR2BQgLsCBSvZaVqPn5Hnt0yNJ+h4s9LNtvp9ei5ZUbIOybou1v8BEjaasmiWjp0 -XNM2lUtVLQGwmE1jSGXRZeaDoVYFVWZq9qHancYb8AnKFewYg9GVEjsuYY6GwA3y -Syp3CVgYN0F1jO0dfkRKP7/iq6HXe04GYV4Ro27iLDm/H/XZh+/7nDh5YTRunpor -icA2EkN6ZIbZCnXP5m3njsWRj9BDDpMknYngyiJqkNcxO1sKOYM= -=7xsK +iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmnU7rkACgkQExQD9NFt +jcddJQ/+NSHy0n9j4rUpiWkIOm+YuNAYDMrYiXuTM8TVNHhq0MaNovBYQgztgeNd +uEH4/wTM+sf0XiQQk3h7Gcf/rSzySQD6vASshl+u5KoR+0dsyKS/J+ERwUQ/xCAT +rnELmut7xVchrPMMWXuM3w8YvxVGoQT3W8zv4j67Zn2UG0BFEj9E0xlY5gw8LraW +fvorTStkeDRDri+P9ccm66kKxyzZ6GToivSebjTWIu/Sxv9WBw+oK3hWBpfF3irD +krVEy3Naelzql63PMgfR6QRNLttAIt7VhIhVYgBP7wWb6EtX5iGRafW7iZzep8mo +eHHWoNBBHO4K1vSrQ8odV93PYI0NvkUB5ibbQJy8ouiKhpWUwHdYgBxaczMYyKbe +jqK4du+LACUe7Ytv2WWenl/JLPKnZ342xSIPqxgPvl6/mf6uPEZkGx6hR/E6CAiL +GoTGseIA2WqV9xMm3HM2g7sjrvDeiO+MJdqfb+bKi/aTrvT6QN0LsW9EuvJx1Un0 +78cnsUOQHdRxQH7nA1mxhuyiEeXtID/Y9SJN4BZCr7bHZ2VynAlSZsqjqyJky9mI +oxewV0W7A9pDD/L5edfortZ4lYrVeeFUIdZyElF6OQGaVUKNp8PmWqZId0x/9tMi +CLc5eTgKtLGyQ2OKdBruZJ1tS9eLb20tLvSJnbjbnSegIbsrMqg= +=fx3b -----END PGP SIGNATURE----- ++++++ django-4.2.29.tar.gz -> django-4.2.30.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django4/django-4.2.29.tar.gz /work/SRC/openSUSE:Factory/.python-Django4.new.21863/django-4.2.30.tar.gz differ: char 5, line 1
