[ubuntu/questing-proposed] python-django 3:5.2.4-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Oct 1 17:55:33 UTC 2025 

python-django (3:5.2.4-1ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: Potential SQL injection
    - debian/patches/CVE-2025-59681.patch: protect against SQL injection in
      django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py,
      tests/expressions/test_queryset_values.py, tests/queries/tests.py.
    - CVE-2025-59681
  * SECURITY UPDATE: Potential partial directory-traversal
    - debian/patches/CVE-2025-59682.patch: validate path in
      django/utils/archive.py, tests/utils_tests/test_archive.py.
    - CVE-2025-59682

Date: Wed, 01 Oct 2025 12:49:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/3:5.2.4-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 01 Oct 2025 12:49:58 -0400
Source: python-django
Built-For-Profiles: noudeb
Architecture: source
Version: 3:5.2.4-1ubuntu2
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 python-django (3:5.2.4-1ubuntu2) questing; urgency=medium
 .
   * SECURITY UPDATE: Potential SQL injection
     - debian/patches/CVE-2025-59681.patch: protect against SQL injection in
       django/db/models/sql/query.py, tests/aggregation/tests.py,
       tests/annotations/tests.py,
       tests/expressions/test_queryset_values.py, tests/queries/tests.py.
     - CVE-2025-59681
   * SECURITY UPDATE: Potential partial directory-traversal
     - debian/patches/CVE-2025-59682.patch: validate path in
       django/utils/archive.py, tests/utils_tests/test_archive.py.
     - CVE-2025-59682
Checksums-Sha1:
 ae583a4a9f1b4631ccf17d200434ea1b2cf4820c 2892 python-django_5.2.4-1ubuntu2.dsc
 20c5398f74b3652be66337a80182f950cfb7cdc6 34712 python-django_5.2.4-1ubuntu2.debian.tar.xz
 f7e5b9212e5dc407a95a7d5a53725cc19c956f86 17456 python-django_5.2.4-1ubuntu2_source.buildinfo
Checksums-Sha256:
 128d23f54ab3613ef46886be7962c6b97bf73a96d748133d661183fd466310d7 2892 python-django_5.2.4-1ubuntu2.dsc
 c2749036ddb294f77b87a1232b03d63690cab1a43450056d604d03f99732a73d 34712 python-django_5.2.4-1ubuntu2.debian.tar.xz
 b37739775347ceab46a4c34e73f5e9c42cfcccee50674b0cd0c3d016402319ea 17456 python-django_5.2.4-1ubuntu2_source.buildinfo
Files:
 860f4992acd642780077bc31cbd4294d 2892 python optional python-django_5.2.4-1ubuntu2.dsc
 d731c625112c54b3e0b6f6b1b5ef3ae7 34712 python optional python-django_5.2.4-1ubuntu2.debian.tar.xz
 a40edaa346722547b0e5781f1c879780 17456 python optional python-django_5.2.4-1ubuntu2_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

More information about the Questing-changes mailing list