[ubuntu/hirsute-proposed] python-django 2:2.2.19-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Apr 6 13:25:52 UTC 2021 

python-django (2:2.2.19-1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: Potential directory-traversal via uploaded files
    - debian/patches/CVE-2021-28658.patch: properly sanitize filenames in
      django/http/multipartparser.py, tests/file_uploads/tests.py,
      tests/file_uploads/uploadhandler.py, tests/file_uploads/urls.py,
      tests/file_uploads/views.py.
    - CVE-2021-28658

Date: Tue, 06 Apr 2021 08:18:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/2:2.2.19-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 06 Apr 2021 08:18:46 -0400
Source: python-django
Built-For-Profiles: noudeb
Architecture: source
Version: 2:2.2.19-1ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 python-django (2:2.2.19-1ubuntu1) hirsute; urgency=medium
 .
   * SECURITY UPDATE: Potential directory-traversal via uploaded files
     - debian/patches/CVE-2021-28658.patch: properly sanitize filenames in
       django/http/multipartparser.py, tests/file_uploads/tests.py,
       tests/file_uploads/uploadhandler.py, tests/file_uploads/urls.py,
       tests/file_uploads/views.py.
     - CVE-2021-28658
Checksums-Sha1:
 f9651a8a2a1b5ff79b137a05284874b321b8e0c0 2886 python-django_2.2.19-1ubuntu1.dsc
 4e954a3d1b84077dbb830e3ae1d823aacad8888b 29848 python-django_2.2.19-1ubuntu1.debian.tar.xz
 a0a646c006bc95b01b3ec3e2a03c3ad84037ab2a 14504 python-django_2.2.19-1ubuntu1_source.buildinfo
Checksums-Sha256:
 86bbaa7c9db3aedc6317acf0558678d3a0dae1946590a79333a4c4d773330e4f 2886 python-django_2.2.19-1ubuntu1.dsc
 bf3c59a10bdbdded15b4b66664671c4c401b60f4b40dc4857544704b88f265b8 29848 python-django_2.2.19-1ubuntu1.debian.tar.xz
 8076accb4e26b1d533e961da19c2a8d1cae273abbf684e0497d4093234cf3551 14504 python-django_2.2.19-1ubuntu1_source.buildinfo
Files:
 552718789a4cbe9f2fb51a943d89e039 2886 python optional python-django_2.2.19-1ubuntu1.dsc
 0ef68a120d1c340d0e4c2738f59b90ca 29848 python optional python-django_2.2.19-1ubuntu1.debian.tar.xz
 3d0f0173e1c6e0b4ad3af45880830292 14504 python optional python-django_2.2.19-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

More information about the Hirsute-changes mailing list