-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 06 Jan 2020 15:35:55 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source all
Version: 1:1.11.27-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team 
<python-modules-t...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 946937
Changes:
 python-django (1:1.11.27-1~deb10u1) buster-security; urgency=high
 .
   * New upstream security release. (Closes: #946937)
     <https://www.djangoproject.com/weblog/2019/dec/18/security-releases/>
 .
     - CVE-2019-19844: Potential account hijack via password reset form.
 .
       By submitting a suitably crafted email address making use of Unicode
       characters, that compared equal to an existing user email when
       lower-cased for comparison, an attacker could be sent a password reset
       token for the matched account.
 .
       In order to avoid this vulnerability, password reset requests now compare
       the submitted email using the stricter, recommended algorithm for
       case-insensitive comparison of two identifiers from Unicode Technical
       Report 36, section 2.11.2(B)(2). Upon a match, the email containing the
       reset token will be sent to the email address on record rather than the
       submitted address.
Checksums-Sha1:
 dbd523d34605a28fb3880e870aab6809b230cb68 3267 
python-django_1.11.27-1~deb10u1.dsc
 8f0ad184cbae6e69dbe2a1f4d7ec32d842657001 7976980 
python-django_1.11.27.orig.tar.gz
 c8fbb06f8c6368f596d80e332c7518a537e7697f 27276 
python-django_1.11.27-1~deb10u1.debian.tar.xz
 4e7b6cb564fcbc0cadf3d8de400d39c9282c3654 1538076 
python-django-common_1.11.27-1~deb10u1_all.deb
 a054fee1e86f82030397bd841dfa5c78e968dc6a 2689580 
python-django-doc_1.11.27-1~deb10u1_all.deb
 bc8a14f1b1b3569da28028f4ec01806e7352dd77 917320 
python-django_1.11.27-1~deb10u1_all.deb
 9ac9abed0738fed7e8d951c7fa98cd43ae4a2298 14208 
python-django_1.11.27-1~deb10u1_amd64.buildinfo
 565b60900064d136e3d1a2b0b436cdf5c017c453 917472 
python3-django_1.11.27-1~deb10u1_all.deb
Checksums-Sha256:
 d8db6a86b018830d089524a77c5dbe35e2e5ee86fd7f66bbf6061e28a0f740cb 3267 
python-django_1.11.27-1~deb10u1.dsc
 20111383869ad1b11400c94b0c19d4ab12975316cd058eabd17452e0546169b8 7976980 
python-django_1.11.27.orig.tar.gz
 4b24466c413d6f80fd8b8fe511b9401c650daca17a253cce6047eaffabf1e8eb 27276 
python-django_1.11.27-1~deb10u1.debian.tar.xz
 05d843f7f396663203161af92ddc98c3643bcf492169e5e07ff7eef5c32527a8 1538076 
python-django-common_1.11.27-1~deb10u1_all.deb
 14f2cee56e3a359ad438fe8c05acd6f3c8037778f18fc7f8a4d2e4dcc5bba911 2689580 
python-django-doc_1.11.27-1~deb10u1_all.deb
 67157d719ec22ee8df031edc93789dcc03b22df43080496ce400809021f5ace5 917320 
python-django_1.11.27-1~deb10u1_all.deb
 1a48a9763ce0c184440396ee4b82b8576a81cce26a1690e5533031e38a704e44 14208 
python-django_1.11.27-1~deb10u1_amd64.buildinfo
 5a201f2d3e2117ccad111b89afd941bac8dd4e174f61fdddc31057730d9f9773 917472 
python3-django_1.11.27-1~deb10u1_all.deb
Files:
 de97d0a2ce04ea9bb4e87ad3c3b17071 3267 python optional 
python-django_1.11.27-1~deb10u1.dsc
 e75626654c7d92ff8bafa2a36d137372 7976980 python optional 
python-django_1.11.27.orig.tar.gz
 d1fa1f59ff05d9cc2a70d2e6c1461f3a 27276 python optional 
python-django_1.11.27-1~deb10u1.debian.tar.xz
 602d59aa85f11c7830c714ae8e2a00f1 1538076 python optional 
python-django-common_1.11.27-1~deb10u1_all.deb
 4209972a157dd5b2c0b0d5edd12f4b83 2689580 doc optional 
python-django-doc_1.11.27-1~deb10u1_all.deb
 c0500947c8ab6f5f6fc544417fe4e33e 917320 python optional 
python-django_1.11.27-1~deb10u1_all.deb
 0f72d705e397a1d8ef744e88f727352e 14208 python optional 
python-django_1.11.27-1~deb10u1_amd64.buildinfo
 a10adf7165cc6f501e14f5bb734246b7 917472 python optional 
python3-django_1.11.27-1~deb10u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4TcC8ACgkQHpU+J9Qx
HljL2g//QofqKYGSnlXdY5iIJdqGbZcx17ApDnlgOqJr6cq9KGgDkbaJn8RK4IgL
Gnpf2xTJpKvxRDIUyNFrmG6e7Ga9bqHepUkRa/svlI/0yW61IS6EBGXQ5oDLho4R
F6eh/O0FcQckSHusKY5y235QjlNv1aHDwcW1Gzxreo7ko2PaIIzViSDDYozoPA92
WwXpbJZoPqnBS+ySwDxGT5eFJp8qjg93Ht1e1wVolpADXrfMZL0Qki2/1RHV50jP
SIKjQvCqwtriaQD4lGB/TbIcsjfqii98a+PYC2QxuI/AmQqu9VEuyxkYjzw2PrDv
G2vLGIdlJmb4SkF4Z4ss26JKDm1+79APkpWlBug/d7+SoKwMrYjO8QC3yVZlrW2B
+CeNJoCkDXclqv4qQK+D9fg/hERKzdAyxEvx0VtssJ9apDF58EveC4AgRVuiYJME
/kWYmsz4bBmLTE9hrntyTuqyC1OMWKWYCNZ0u+ZQBqECc5edr6YjgWYuE9RqTbE7
pMLC1KjBqSS4R/3wbAYDfvsfKTCfseN18yPH3eHDpcWgrsZqmSmYy506WDHVFcPw
DrKNRJRi9elJ39bnJCiledbfqxPGvz2KhkfCN+8l281JRUBI3X9pHP11jJZfO4vV
UYLy6Pgdp7GIfDy1Nm7F4nxhsjpC518sFHEspRBgieNrw+v7+TI=
=4EQD
-----END PGP SIGNATURE-----

Reply via email to