From 0da9f5542f93561878a41c6fcc1c5976ba492b9268e7127ba3e68064ed551c3a Mon Sep 17 00:00:00 2001
From: Robert Frohl <rfrohl@noreply.src.opensuse.org>
Date: Mon, 8 Dec 2025 13:55:36 +0100
Subject: [PATCH] Update submodules from pool/python-Django#3 and create
 patchinfo.20251208125318499450.93181000773252/_patchinfo

---
 .../_patchinfo                                 | 18 ++++++++++++++++++
 python-Django                                  |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 patchinfo.20251208125318499450.93181000773252/_patchinfo

diff --git a/patchinfo.20251208125318499450.93181000773252/_patchinfo b/patchinfo.20251208125318499450.93181000773252/_patchinfo
new file mode 100644
index 0000000..e55511c
--- /dev/null
+++ b/patchinfo.20251208125318499450.93181000773252/_patchinfo
@@ -0,0 +1,18 @@
+<patchinfo>
+  <issue tracker="bnc" id="1254437">VUL-0: CVE-2025-64460,CVE-2025-13372: python-Django: Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion</issue>
+  <issue tracker="bnc" id="1252926">VUL-0: CVE-2025-64459: python-Django,python-Django4: Potential SQL injection via `_connector` keyword argument in `QuerySet` and `Q` objects</issue>
+  <issue tracker="cve" id="2025-13372">cve#2025-13372 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-13372</issue>
+  <issue tracker="cve" id="2025-64460">cve#2025-64460 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-64460</issue>
+  <issue tracker="cve" id="2025-64459">cve#2025-64459 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-64459</issue>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+- CVE-2025-64459: Fixed a potential SQL injection via `_connector` keyword argument in `QuerySet` and `Q` objects (bsc#1252926)
+- CVE-2025-13372,CVE-2025-64460: Fixed Denial of Service in 'django.core.serializers.xml_serializer.getInnerText()' (bsc#1254437)
+</description>
+  <package>python-Django</package>
+  <seperate_build_arch/>
+</patchinfo>
diff --git a/python-Django b/python-Django
index a2220d5..58adc28 160000
--- a/python-Django
+++ b/python-Django
@@ -1 +1 @@
-Subproject commit a2220d5d79ae179e800d904c89434e76b27ec4418eb1be0a1d879cdd675b2e19
+Subproject commit 58adc28d1a7975cac81228993b6630e435ce44e35bf29fa857c63fa8799032e9
-- 
2.51.1