Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django6 for openSUSE:Factory checked in at 2026-07-09 22:20:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django6 (Old) and /work/SRC/openSUSE:Factory/.python-Django6.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django6" Thu Jul 9 22:20:34 2026 rev:8 rq:1364658 version:6.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django6/python-Django6.changes 2026-06-10 15:49:35.503863059 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.1991/python-Django6.changes 2026-07-09 22:21:32.910558993 +0200 @@ -1,0 +2,13 @@ +Thu Jul 9 06:36:54 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 6.0.7 + * CVE-2026-48588: Potential exposure of private data via cached + Set-Cookie response (bsc#1271029) + * CVE-2026-53877: Heap buffer over-read in GDALRaster (bsc#1271030) + * CVE-2026-53878: Header injection possibility since + DomainNameValidator accepted newlines in input (bsc#1271031) + * Fixed a regression in Django 6.0 where the PBKDF2 and MD5 password + hashers raised UnicodeDecodeError for bytes passwords that were not + valid UTF-8. + +------------------------------------------------------------------- Old: ---- Django-6.0.6.checksum.txt django-6.0.6.tar.gz New: ---- Django-6.0.7.checksum.txt django-6.0.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django6.spec ++++++ --- /var/tmp/diff_new_pack.gQv4cn/_old 2026-07-09 22:21:35.026631275 +0200 +++ /var/tmp/diff_new_pack.gQv4cn/_new 2026-07-09 22:21:35.042631821 +0200 @@ -27,7 +27,7 @@ %endif %define skip_python311 1 Name: python-Django6 -Version: 6.0.6 +Version: 6.0.7 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-6.0.6.checksum.txt -> Django-6.0.7.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django6/Django-6.0.6.checksum.txt 2026-06-10 15:49:34.167807694 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django6.new.1991/Django-6.0.7.checksum.txt 2026-07-09 22:21:32.678551068 +0200 @@ -2,7 +2,7 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 6.0.6, released June 3, 2026. +source-code tarball and wheel files of Django 6.0.7, released July 7, 2026. It also includes the commit hash of the release tag, identifying the exact source revision the artifacts were built from. @@ -10,19 +10,14 @@ To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``2EE82A8D9470983E`` and can be imported from the MIT -keyserver, for example, if using the open-source GNU Privacy Guard -implementation of PGP: +the ID ``131403F4D16D8DC7`` and can be imported from GitHub, for example, if +using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E - -or via the GitHub API: - - curl https://github.com/nessita.gpg | gpg --import - + curl https://github.com/jacobtylerwalls.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-6.0.6.checksum.txt + gpg --verify Django-6.0.7.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -31,44 +26,44 @@ Release packages ================ -https://www.djangoproject.com/download/6.0.6/tarball/ -https://www.djangoproject.com/download/6.0.6/wheel/ +https://www.djangoproject.com/download/6.0.7/tarball/ +https://www.djangoproject.com/download/6.0.7/wheel/ MD5 checksums ============= -b45e074d29f85e1417fb2d2ea97c2df3 django-6.0.6.tar.gz -15a34bf4b721155c67d3079c78c045b2 django-6.0.6-py3-none-any.whl +4e11c909aebe761ddbadedf5646da858 django-6.0.7.tar.gz +23bf6a1ac8052a26d6f99515fd5786ce django-6.0.7-py3-none-any.whl SHA1 checksums ============== -e96b895019c21b8dc19b6ae983c9315216222941 django-6.0.6.tar.gz -ca756ca3e6af380db3ba61c7a923051e55665757 django-6.0.6-py3-none-any.whl +8bee35398a7c41420f9456a710baca622b518640 django-6.0.7.tar.gz +3d2a6133b0d9954449c10032bf0be5415d0d1d37 django-6.0.7-py3-none-any.whl SHA256 checksums ================ -ad03916ba59523d781ae5c3f631960c23d69a9d9c43cecda52fc23b47e953713 django-6.0.6.tar.gz -25148b1194c47c2e685e5f5e9c5d59c78b075dfd282cb9618861ba6c1708f4d2 django-6.0.6-py3-none-any.whl +2998503fc083124fb58037084bfa00de323c7c743f05f1b4284e77bff0ab8890 django-6.0.7.tar.gz +a037427c2288443a8c02a1b02295a31c239663aa682bc50b1976afb7cf6a769e django-6.0.7-py3-none-any.whl Git tag ======= -ee93f65169c280c9ab3d2ce103dd478c96d05065 6.0.6 +The 6.0.7 tag points to commit e2a424605ac2e7e6e799496542fb2997207e2f23. -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmogFx8ACgkQLugqjZRw -mD40gw//Z0fLsfdEPQDP/O08hquUCY7LZMpRTBlbr2EqtLm8UXt9zEWc3C6hdWSW -KQphP9DNguTviFuMNNddTtUt3X2AQe1C9nNlFF+GB7njPvQjzHvdZ5z5kn74gsdH -WlP2TjzAuaBBp/c1m1dYBJSBl8GTXbZuxRlbl1CiXAZTOtnNLUJz575Uj0ffixIU -4cgyBaHt+lK9QctmzHbrvBMJzqVXkQAekxvZmvpBcW8WwGtlkUY8af0q0yhCI+cD -ZwmuxhxFmRmMkJBuuT0DuU4EYuEQSpbUoDDrage8/G+n/jEemQDQ7T5EeTqPnIFQ -kuGzz6Udwr5sYgxbMHVO+nhCYBLh4/3pRk+1su+b3iv6XJSH6Rg7S57pnmjuDaBe -ZSmqzjh3wp1krwzXbbkjoDOG38cghhLAAWvUTNHtjtKoyj1E6683EKzBVqATccA1 -o5/2vPJonBUjjecUw2FNo2jed7mHyKxL0VTdwHEUuyC+f3izjKEXbULAfJfKD3Wl -htDkjFfptYR9cKvpqjFThuZjhOBJOp8YeyDgtq6xScNxifVWB/wemIcY9IRQAG6a -bwZDB+0nX8d2pYqvGX5ie/fyeGkEsrPGOH3+aLBus4PgwNbKcaoxSiiTSnhjYERC -j+1PZ6XNlWBXALlzJ4NVwN8lJJN/PqqRif0tqkheeEBESwMVwac= -=3N06 +iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmpM7H8ACgkQExQD9NFt +jcfnlw//fBjHhdpb8+nVuJVjd60P063CSvatCxenIIq9iFsXzhLatS1bY/0El2y4 +kISgf4nrPI39d7s6v0xRxfGRgws2P7yX0zP4Ymud9y95HKrfWFWfOMv8jBUa3P9v +v4QHGPqrlbmnjqfM+PceJ7ztqnq9j4NZrOoDTsBpMm528kVLpL95QeNWUKNqpJ3D +TrsXY3Cap5JyJ+AHd79ph2e/njdCuK2xAfiKUmOD7+CG7ukvOZ/A4mgI/DRuh7iF +v4zIjk0L/HoQpx6HG7aNCmVRa4KOfI01hUkdheEXUEOfHSOpyRxX0aKkWBI0pETS +5PNSHr39dwWlpFHWnuCj7HZRFsBnwP6Ha4bVCulB//Hc2mpH3TfAijBtxVytVuI3 +UmHNqrxbs1iFz22l30FzhJ+lqWstHN8/elaUj7x59IQO7plITfwO6+BB1sb+UIWy +2vAw1P/tmNvkcdgVXd7Qh8Xj/8BZM7IUoh9lZ6n1JXm5W/fzFUkC+r+SLJC15G54 +KTGLBq/UQOWENlGRVczrtwDxe+oCD0uNGWZxjf0g58CiA7FURg3IIS4enfAChuNL +gYLz0+6zGfhTWyASHzef3KQ0dDZ33+EWM7T4A548rwjabPl1Et3HjsVoL6dR2g4Y +Go7DFdJv9h1QgLIE5y8HUv7qqQzp0ZN6AbTQQu52zymKJ/Du91o= +=6O04 -----END PGP SIGNATURE----- ++++++ django-6.0.6.tar.gz -> django-6.0.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django6/django-6.0.6.tar.gz /work/SRC/openSUSE:Factory/.python-Django6.new.1991/django-6.0.7.tar.gz differ: char 5, line 1
