[ubuntu/groovy-proposed] python-django 2:2.2.12-1ubuntu1 (Accepted)

[Marc Deslauriers]

python-django (2:2.2.12-1ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: Potential data leakage via malformed memcached keys
    - debian/patches/CVE-2020-13254.patch: enforced cache key validation in
      memcached backends in django/core/cache/__init__.py,
      django/core/cache/backends/base.py,
      django/core/cache/backends/memcached.py, tests/cache/tests.py.
    - CVE-2020-13254
  * SECURITY UPDATE: Possible XSS via admin ForeignKeyRawIdWidget
    - debian/patches/CVE-2020-13596.patch: fixed potential XSS in admin
      ForeignKeyRawIdWidget in django/contrib/admin/widgets.py,
      tests/admin_widgets/models.py, tests/admin_widgets/tests.py.
    - CVE-2020-13596

Date: Thu, 28 May 2020 10:10:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 May 2020 10:10:05 -0400
Source: python-django
Architecture: source
Version: 2:2.2.12-1ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 python-django (2:2.2.12-1ubuntu1) groovy; urgency=medium
 .
   * SECURITY UPDATE: Potential data leakage via malformed memcached keys
     - debian/patches/CVE-2020-13254.patch: enforced cache key validation in
       memcached backends in django/core/cache/__init__.py,
       django/core/cache/backends/base.py,
       django/core/cache/backends/memcached.py, tests/cache/tests.py.
     - CVE-2020-13254
   * SECURITY UPDATE: Possible XSS via admin ForeignKeyRawIdWidget
     - debian/patches/CVE-2020-13596.patch: fixed potential XSS in admin
       ForeignKeyRawIdWidget in django/contrib/admin/widgets.py,
       tests/admin_widgets/models.py, tests/admin_widgets/tests.py.
     - CVE-2020-13596
Checksums-Sha1:
 e6f07181277844a224f075f193ba96a496fb5a5d 2905 python-django_2.2.12-1ubuntu1.dsc
 5be7154f405738671feb862c778e93040caefc9d 30304 python-django_2.2.12-1ubuntu1.debian.tar.xz
 796ed3b92224dcd315644856bf8d48ffabe94654 13392 python-django_2.2.12-1ubuntu1_source.buildinfo
Checksums-Sha256:
 ed1b5290640a684cfa106d840a1b9e2d69cefa8fcf4f333510e7db6dd80adbd2 2905 python-django_2.2.12-1ubuntu1.dsc
 c9480334af36e885309334f76413b3355670b999add0a8fca6b967a2136b1baa 30304 python-django_2.2.12-1ubuntu1.debian.tar.xz
 d2acc739102fc7983f387506a50fa31a911b43515d4575b6afdaa92e86ecf66f 13392 python-django_2.2.12-1ubuntu1_source.buildinfo
Files:
 832d2b89d508439d4fd5bfed52ab873d 2905 python optional python-django_2.2.12-1ubuntu1.dsc
 3c82af6de41b281fb0cae440c744422f 30304 python optional python-django_2.2.12-1ubuntu1.debian.tar.xz
 18b33c086f8dae6b17f88028c9d6a514 13392 python optional python-django_2.2.12-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7Xkt0ACgkQZWnYVadE
vpN4xA/7Bk4Hses+Fhvl5vS9jwGiRClM1+RxJRKVvfRHgoYo6JpkzzyhLWPX+FT7
8GQDP89MChRp5zFqbd+qwazqZ+70cWl/eFbWlBurXQCrfhMPCZ6KTlBYlNJnyyqn
eprYRDL4oLKGDt4GtChX4CJDQnxAypGafFlrZ5hFbw2CTy/OagV62eXcZ5Mnrchl
+ZKMf4qeZK0Vtj1pPXoqg4Nl7iSv2XHI5T8cM+piinjuAY2NFLQX9jyQ5KsbFGCU
IaHcguKqwxs0bRFqewocEGg3c178x+cOsrYxxYQkp0EdlNIxdNXV+hPYwt0dTmDl
hiumo9+apiFw+gvNcgEN9RXGWTF93mn77KZbYKV4n0nw4f3500bGcopltRZcxVZD
h9UiX618jOTk2XdnKC54XjHoFEDUDxz5LW71uT7clGFrUGINzNqrXx1Tf2364LBl
dwFxl9lFzBPSnr0VXc1HJoteLlOo1y2ZyOVdNqCIqYQm629EKsRfgGEu/WsIdmNc
jwcp6P5MHse3RmvpGP31FbfzFYWfDMKOBWd1bvT8/acjC1ObChEK8eRsfE3ab0AJ
Suji/NatNpgxodUNdZ8U/Pglpc1DlI9IoqljRKw9j6Z1Nnjtl1tjPeWGYWk6l79F
b1JcobUG9joTQO6nimSoiaMqxUoAi9IY6QEQYeFEwFfi7xd5+lc=
=R/+O
-----END PGP SIGNATURE-----