Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django6 for openSUSE:Factory checked in at 2026-05-06 19:19:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django6 (Old) and /work/SRC/openSUSE:Factory/.python-Django6.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django6" Wed May 6 19:19:26 2026 rev:6 rq:1351139 version:6.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django6/python-Django6.changes 2026-04-09 16:22:55.086003064 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.30200/python-Django6.changes 2026-05-06 19:23:34.023115611 +0200 @@ -1,0 +2,16 @@ +Wed May 6 08:23:58 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 6.0.5 + * CVE-2026-5766: Potential denial-of-service vulnerability in ASGI + requests via file upload limit bypass (bsc#1264153) + * CVE-2026-35192: Session fixation via public cached pages and + SESSION_SAVE_EVERY_REQUEST (bsc#1264154) + * CVE-2026-6907: Potential exposure of private data due to incorrect + handling of Vary: * in UpdateCacheMiddleware (bsc#1264152) + * Fixed a misplaced </div> in the django/contrib/admin/templates/admin/change_list.html + template added in Django 6.0 that could be problematic when + overriding the pagination block + * Fixed a bug in Django 6.0 where deprecation warnings incorrectly + skipped lines from third-party packages prefixed with “django” + +------------------------------------------------------------------- Old: ---- Django-6.0.4.checksum.txt django-6.0.4.tar.gz New: ---- Django-6.0.5.checksum.txt django-6.0.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django6.spec ++++++ --- /var/tmp/diff_new_pack.f92Ol6/_old 2026-05-06 19:23:34.731144819 +0200 +++ /var/tmp/diff_new_pack.f92Ol6/_new 2026-05-06 19:23:34.735144984 +0200 @@ -27,7 +27,7 @@ %endif %define skip_python311 1 Name: python-Django6 -Version: 6.0.4 +Version: 6.0.5 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-6.0.4.checksum.txt -> Django-6.0.5.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django6/Django-6.0.4.checksum.txt 2026-04-09 16:22:54.377974012 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.30200/Django-6.0.5.checksum.txt 2026-05-06 19:23:33.851108515 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 6.0.4, released April 7, 2026. +source-code tarball and wheel files of Django 6.0.5, released May 5, 2026. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``131403F4D16D8DC7`` and can be imported from the MIT +the ID ``3955B19851EA96EF`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 + gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF or via the GitHub API: - curl https://github.com/jacobtylerwalls.gpg | gpg --import - + curl https://github.com/sarahboyce.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-6.0.4.checksum.txt + gpg --verify Django-6.0.5.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,40 +28,38 @@ Release packages ================ -https://www.djangoproject.com/download/6.0.4/tarball/ -https://www.djangoproject.com/download/6.0.4/wheel/ +https://www.djangoproject.com/download/6.0.5/tarball/ +https://www.djangoproject.com/download/6.0.5/wheel/ MD5 checksums ============= -9d429cbef8c8357a480d0b920dd9a956 django-6.0.4.tar.gz -48574fa2e00fde976bd35d62f336bcd7 django-6.0.4-py3-none-any.whl +44c18a8f264c1326e6fe4f1053fea5fc django-6.0.5.tar.gz +7d1da677b7b2fd7521ccb0595424f6d4 django-6.0.5-py3-none-any.whl SHA1 checksums ============== -89cd1b49c06b176b414138a5af1cfa3d340673a4 django-6.0.4.tar.gz -b1e01ebdd99e6d06de34a8e92e62da256eaf5e8e django-6.0.4-py3-none-any.whl +b9f5649872874dd17cf1c9d7cc25617cb23c5b7c django-6.0.5.tar.gz +8e36cdca04efb6d15149c6c8790464b4241d6229 django-6.0.5-py3-none-any.whl SHA256 checksums ================ -8cfa2572b3f2768b2e84983cf3c4811877a01edb64e817986ec5d60751c113ac django-6.0.4.tar.gz -14359c809fc16e8f81fd2b59d7d348e4d2d799da6840b10522b6edf7b8afc1da django-6.0.4-py3-none-any.whl +bc6d6872e98a2864c836e42edd644b362db311147dd5aa8d5b82ba7a032f5269 django-6.0.5.tar.gz +9d58a7cb49244e74c8e161d5e403a46d6209f1009ba40f5a66d6aa0d0786a8f0 django-6.0.5-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmnU6kMACgkQExQD9NFt -jcewLQ/+KngEy8SFtlTxorDI4JGiYsxH91BU02Ji/kcVo0npW9ZW609FOKFfevd6 -i3bDzS0wmOjT5NBUaK0gik13fYaOCzjW4aJLuwvZ5q3Vw695mXa3vExrF/tRHAFW -Aqw3FwYp3mFtwdYQjQzrjI8HRm3w6KXmIL/VRxpDxAkMvDOASbd659dJ5waC4cvW -SsJf052BqSrP75Cj00xo7zLQAhcofy6Jpmbtc4FGJp5PaflP+HPJYnZYIceclhM/ -y/3shWZA/mYk1Rx4vvhPDBykeHuYt2bbYYmRglygwfAe4G1lny303/l31gQdZLtY -Ooi87RXknbLiDocjG3ylRlxyX46goaS/gvMQQBXctfM6VbLHTqq1nDrGK7DBxVjx -nmEoJI9kaZ73PflNlXXd+aE/kPBsZC1NMpjjBmDGHzWyyiUTDxY0tDMA4py6wHUx -QSjNq4VGyqh0JJgIsZ7ymoC3vMfxtFz87svH0vJOf9WAYO5gQn72Ltw6/fHO9lz9 -SnFvFkYZ8icV6VaeSa4YThGhguLsuxl7cdliAjmhzNkDRxmTFK4n+qJeBMHBEJmc -aAM+PRIwhkLb44b6gUgTs6QLYCor9jHiNpLZJyJ/R6iH5uUO+Z1tDY/E2colylxQ -Nr5FB4iFqVdXqZDT1f1mxsyfDo7ci0gGXzWziTQ7ESr3n4y2/ds= -=RySd +iQGzBAEBCAAdFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmn57fAACgkQOVWxmFHq +lu9FIQv+JBIh0AriW0feexr73HhD9DJZw3dYaljCMHv/lUgtyUZSesrj7FldleOm +RrmYsyYWQ0lBx9hM9zpVWQOSBUesiTUo0tYFRI9kKbIdFYH9Fwefegjzm8S2D77P +5cbHBxM93WfkkyWKdKGHNQTZhcbJnqyde3OF8Ex9tXAIOqF9HIa88WPfK4ustsTG +wPHAFQ/qe3bb4wN/aBTy/Yd67nnKn/1UHgOEIUMxS1BNCK8DK0rEGNgVSwGLoRyW +RGr/+/bAtha7BkTDSUA6vCQCP9MOYL3YHyWBgPNEDlSwHbRXwuiv/zm3eqroP235 +Wd66l2vyJGcPNQl+imNPjXCDeHRT0xB+eYm6FsSlz7fWoMAcZ1pOpD854k4yu3un +zQVeOl02BEELDjEcfWAETYyXdMOfYYnjQMGtuhYPkA8eo4F1j2QRlpcMzUFS2K4f +nYqNAs6Ho2IM/yypYhHPOrquGF+4sd1UDNvHsp1oDn5k8ZxJbMrCISNKecR9tArb +Pi67DLsc +=B4Gz -----END PGP SIGNATURE----- ++++++ django-6.0.4.tar.gz -> django-6.0.5.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django6/django-6.0.4.tar.gz /work/SRC/openSUSE:Factory/.python-Django6.new.30200/django-6.0.5.tar.gz differ: char 5, line 1
