Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2026-05-07 15:43:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Thu May 7 15:43:12 2026 rev:148 rq:1351138 version:5.2.14 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2026-04-16 17:25:49.252594382 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.1966/python-Django.changes 2026-05-07 15:43:27.667420919 +0200 @@ -1,0 +2,11 @@ +Wed May 6 08:30:22 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 5.2.14 + * CVE-2026-5766: Potential denial-of-service vulnerability in ASGI + requests via file upload limit bypass (bsc#1264153) + * CVE-2026-35192: Session fixation via public cached pages and + SESSION_SAVE_EVERY_REQUEST (bsc#1264154) + * CVE-2026-6907: Potential exposure of private data due to incorrect + handling of Vary: * in UpdateCacheMiddleware (bsc#1264152) + +------------------------------------------------------------------- Old: ---- Django-5.2.13.checksum.txt django-5.2.13.tar.gz New: ---- Django-5.2.14.checksum.txt django-5.2.14.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.9TsnlL/_old 2026-05-07 15:43:28.419451352 +0200 +++ /var/tmp/diff_new_pack.9TsnlL/_new 2026-05-07 15:43:28.423451513 +0200 @@ -26,7 +26,7 @@ %bcond_with libalternatives %endif Name: python-Django -Version: 5.2.13 +Version: 5.2.14 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-5.2.13.checksum.txt -> Django-5.2.14.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-5.2.13.checksum.txt 2026-04-16 17:25:49.048585976 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.1966/Django-5.2.14.checksum.txt 2026-05-07 15:43:27.555416387 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 5.2.13, released April 7, 2026. +source-code tarball and wheel files of Django 5.2.14, released May 5, 2026. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``131403F4D16D8DC7`` and can be imported from the MIT +the ID ``3955B19851EA96EF`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 + gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF or via the GitHub API: - curl https://github.com/jacobtylerwalls.gpg | gpg --import - + curl https://github.com/sarahboyce.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-5.2.13.checksum.txt + gpg --verify Django-5.2.14.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,40 +28,38 @@ Release packages ================ -https://www.djangoproject.com/download/5.2.13/tarball/ -https://www.djangoproject.com/download/5.2.13/wheel/ +https://www.djangoproject.com/download/5.2.14/tarball/ +https://www.djangoproject.com/download/5.2.14/wheel/ MD5 checksums ============= -4af55cc09a3d1a828259ad0c05330e6b django-5.2.13.tar.gz -0d31cbcebcd7d6deb683d6ff3b914836 django-5.2.13-py3-none-any.whl +baec6c1729f0377f0c319ce8652a227a django-5.2.14.tar.gz +1c6b52e6b7cf1172ae9d1d6ec820b09d django-5.2.14-py3-none-any.whl SHA1 checksums ============== -87eb3824b2a0369275def77599ff4530690941bc django-5.2.13.tar.gz -0dc6d3892d241ece71c779ef7746b1f9a881031d django-5.2.13-py3-none-any.whl +b1d57e4e3b6ccf5d8daac075d549a09126da78f3 django-5.2.14.tar.gz +0f44e388314d66e21d9a6134504e476a25155775 django-5.2.14-py3-none-any.whl SHA256 checksums ================ -a31589db5188d074c63f0945c3888fad104627dfcc236fb2b97f71f89da33bc4 django-5.2.13.tar.gz -5788fce61da23788a8ce6f02583765ab060d396720924789f97fa42119d37f7a django-5.2.13-py3-none-any.whl +58a63ba841662e5c686b57ba1fec52ddd68c0b93bd96ac3029d55728f00bf8a2 django-5.2.14.tar.gz +6f712143bd3064310d1f50fac859c3e9a274bdcfc9595339853be7779297fc76 django-5.2.14-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmnU7H8ACgkQExQD9NFt -jccOQA/9HS6D0F08hW8a50GtHp+vVqqMSpjUrV0rly+dVxZcCRjsqmdKsWO43xhM -lldYa8rHobvbMbqbTSd2mz5GOn5Yx+G+PfiD7V1vKOpVWefJEDzmRBgw3ZMO4kD5 -WzlBZm7X8sRF6LpnKbJQqbhrXSZRvDrRTFB8K0Iduwz29mLVVopedXumimybN/Bh -Kj8lYVHI64psBCKXtota5knVNz0OozybHoMW9oAhsAj0qQbpHdFh4kdaVkwNuts6 -Zihc9kMsG+w8bsOyzMttTi6rMa6zLRjrlGxBkV5sO+3saVJJVYDqKFkr/Zc9WOsS -OJX5+Xtlb5JHCntHv0O5T+VqFopmQEHaIkNWKoKh4MoFl/Zy8lwaX/ydAspMKeYS -9yd8bc7Se5QXEOB5UsR9VuaUDtCpQ7n1NxwWJfEYrUBFyCojfJeP2QSFnG81ZCtj -mf1v45PWDYpLTRtOzSMtvfkg2wMaGYK2FfRzcGuqG7dc7/+RFCjsQr8UNkLWF6Td -DKkl0KrLS1hghkyxyULBSojUc8u4ZCVuxvWwcpcgMYAEknnFGSK9WIu0JCN650QY -3tvQSw9TCu4EZryXsDrVco/5FScYDDCb/aTW+MEIvVd57Sehnh7p5uuYp4uGSXwv -SJLjGsVTH56NzYRn8SLIEgfzXAx7yvgm7kFTTw8j1hd69WX8+4I= -=Qbre +iQGzBAEBCAAdFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmn58FMACgkQOVWxmFHq +lu8rnAv/Uv04aLRN+PqiZqbYzQJ/iZu1D+VYOOiuR/2EX5iQKTWx23HOx7esvMk/ +3qEscdhF30eaLSpfDqOCl3AcrqU5TNzRz8miXS7FSQ1mIx+sKmSG77/vI2QGWfT2 +ZH+oAc8qv5neXUkDaI7GpzNT6pl3m4icYP+mcFJTsua2N4E2DuU5/NbvClgnNX2n +e4CyePHmMp5gS++qOliXRPV7vcS7TzZDCCmzsKoZHQ8ZfTdqqjui4ZFHBQmNr9+W +N8anKhZDi8LuRUT2L8uhHIjfCaUCba3CcvGVg9/X8KF9T9WNEGn3oGweUl/ol6No +phKT8LwsIBY7CrAGu92TqRnC6gozUc3MxzqzoMqtMhtcZQBBA1KF102XJ2q596i7 +EmEdVyTYpkPdTT59BZEy9K9PtFJD4oHUpSOOyXHIIVMFvFuiJSbg+cV7jyg9KVSo +LeP+i4P4SDHQVu925pYX3tveDGlVVyWD/MAMgQhMIfSng8GVqdOk2GieFMLD7QEe +mPRq5bhY +=2666 -----END PGP SIGNATURE----- ++++++ django-5.2.13.tar.gz -> django-5.2.14.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/django-5.2.13.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.1966/django-5.2.14.tar.gz differ: char 5, line 1
