auto-created for python-Django

This commit was autocreated by AutoGits PR Review Bot

referencing PRs:
 PR: pool/python-Django!4

.gitmodules

@@ -8866,10 +8866,6 @@
 	path = libreoffice-voikko
 	url = ../../pool/libreoffice-voikko
 	branch = leap-16.0
-[submodule "librepods"]
-	path = librepods
-	url = ../../pool/librepods
-	branch = leap-16.0
 [submodule "librepository"]
 	path = librepository
 	url = ../../pool/librepository
@@ -12970,6 +12966,10 @@
 	path = perl-Data-Visitor
 	url = ../../pool/perl-Data-Visitor
 	branch = leap-16.0
+[submodule "perl-Date-Manip"]
+	path = perl-Date-Manip
+	url = ../../pool/perl-Date-Manip
+	branch = leap-16.0
 [submodule "perl-DateTime-Calendar-Mayan"]
 	path = perl-DateTime-Calendar-Mayan
 	url = ../../pool/perl-DateTime-Calendar-Mayan
@@ -14350,6 +14350,10 @@
 	path = perl-TAP-Formatter-GitHubActions
 	url = ../../pool/perl-TAP-Formatter-GitHubActions
 	branch = leap-16.0
+[submodule "perl-TAP-Harness-JUnit"]
+	path = perl-TAP-Harness-JUnit
+	url = ../../pool/perl-TAP-Harness-JUnit
+	branch = leap-16.0
 [submodule "perl-Task-Weaken"]
 	path = perl-Task-Weaken
 	url = ../../pool/perl-Task-Weaken

patchinfo.20260127094025704164.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-108">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-Date-Manip</summary>
+  <description>This update for perl-Date-Manip fixes the following issues:
+
+Introduce perl-Date-Manip.
+</description>
+  <package>perl-Date-Manip</package>
+</patchinfo>

patchinfo.20260128085041420529.93181000773252/_patchinfo

@@ -0,0 +1,11 @@
+<patchinfo incident="packagehub-107">
+  <packager>eroca</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for perl-TAP-Harness-JUnit</summary>
+  <description>This update for perl-TAP-Harness-JUnit fixes the following issues:
+
+Introduce perl-TAP-Harness-JUnit.
+</description>
+  <package>perl-TAP-Harness-JUnit</package>
+</patchinfo>

patchinfo.20260203102131310899.93181000773252/_patchinfo

@@ -0,0 +1,117 @@
+<patchinfo incident="packagehub-106">
+  <issue tracker="cve" id="2025-15059"/>
+  <issue tracker="cve" id="2025-14422"/>
+  <issue tracker="cve" id="2025-14424"/>
+  <issue tracker="bnc" id="1255766">VUL-0: CVE-2025-15059: gimp: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255294">VUL-0: CVE-2025-14423: gimp: LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2025-14425"/>
+  <issue tracker="cve" id="2025-14423"/>
+  <issue tracker="bnc" id="1255293">VUL-0: CVE-2025-14422: gimp: PNM File Parsing Integer Overflow Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255295">VUL-0: CVE-2025-14424: gimp: XCF File Parsing Use-After-Free Remote Code Execution Vulnerability</issue>
+  <issue tracker="bnc" id="1255296">VUL-0: CVE-2025-14425: gimp: JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
+  <packager>mgorse</packager>
+  <rating>moderate</rating>
+  <category>recommended</category>
+  <summary>Recommended update for gimp</summary>
+  <description>This update for gimp fixes the following issues:
+
+Changes in gimp:
+
+- Update to 3.0.8
+  - Font Loading Performance
+    - Improvements in start-up time for users with a large number
+      of fonts was backported from our 3.2 RC2 release. As a
+      result, we now wait to load images until fonts are
+      initialized - this prevents some occasional odd displays and
+      other issues when an XCF file tried to access a partially
+      loaded font.
+  - Assorted updates and fixes
+    - Daniel Plakhotich helped us identify an issue when exporting
+      a lossless WEBP image could be affected by lossy settings
+      (such as Quality being less than 100%). We’ve updated our
+      WEBP plug-in to prevent this from happening.
+    - Thanks to Jehan‘s efforts, the standard gimp-3.0 executable
+      can now be run with a --no-interface flag instead of
+      requiring users to call gimp-console-3.0 even on devices with
+      no display. The --show-debug-menu flag is now visible as
+      well.
+    - programmer_ceds improved our flatpak by adding safe guards to
+      show the correct configuration directory regardless of
+      whether XDG_CONFIG_HOME is defined on the user’s system. This
+      should make it much easier for flatpak users to install and
+      use third party plug-ins.
+    - We fixed a rare but possible crash when using the Equalize
+      filter on images with NaN values. Images that contain these
+      are usually created from scientific or mapping data, so
+      you’re unlikely to come across them in standard editing.
+    - Jeremy Bicha fixed an internal issue where the wrong version
+      number could be used when installing minor releases (such as
+      the 3.2 release candidates and upcoming 3.2 stable release).
+    - As noted in our 3.2RC2 news post, we have updated our SVG
+      import code to improve the rendered path.
+    - Further improvements have been made to our non-destructive
+      filter code to improve stability, especially when copying and
+      pasting layers and images with filters attached to them. Some
+      issues related to applying NDE filters on Quick Masks have
+      also been corrected.
+    - An unintended Search pop-up that appeared when typing while
+      the Channels dockable was selected has been turned off.
+    - When saving XCFs for GIMP 2.10 compatibility, we
+      unintentionally saved Grid color using the new color format.
+      This caused errors when reopening the XCF in 2.10. This
+      problem has now been fixed! If you encounter any other XCF
+      incompatibility, please let us know.
+  - Themes and UX
+    - The Navigation and Selection Editor dockables no longer show
+      a large bright texture when no image is actively selected.
+      This was especially noticeable on dark themes.
+    - When a layer has no active filters, the Fx column had the
+      same “checkbox” outline when hovered over as the lock column.
+      This led to confusion about clicking it to add filters. We
+      have removed the outline on hover as a small step to help
+      address this.
+    - Ondřej Míchal fixed alignment and cut-off issues with the
+      buttons on our Transform tool overlays. All buttons should
+      now be properly centered and visible.
+    - The options for filling layers with colors when resizing the
+      canvas will be turned off when not relevant (such as when you
+      set layers to not be resized).
+    - More GUI elements such as dialog header icons will now
+      respond to your icon size preferences.
+    - Ondřej Míchal has continued his work to update our UI with
+      the more usable Spin Scale widget. He has also updated the
+      widget itself to improve how it works for users and
+      developers alike.
+  - Security fixes
+    - Jacob Boerema and Gabriele Barbero continued to patch
+      potential security issues related to some of our file format
+      plug-ins. In addition to existing fixes mentioned in the
+      release candidate news posts, the following exploits are now
+      prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530
+      ZDI-CAN-28591 ZDI-CAN-28599
+    - Another potential issue related to ICO files with incorrect
+      metadata was reported by Dhiraj. It does not have a CVE
+      number yet, but it has been fixed for GIMP 3.0.8. Jacob
+      Boerema also fixed a potential issue with loading Creator
+      blocks in Paintshop Pro PSP images.
+  - API
+    - For plug-in and script developers, a few new public APIs were
+      backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()
+      allows you to retrieve a GEGL buffer from a Cairo surface
+      (such as a text layer). Note that this deprecates
+      gimp_cairo_surface_create_buffer ().
+    - gimp_config_set_xcf_version () and
+      gimp_config_get_xcf_version () can be used to specify a
+      particular XCF version for a configuration. This will allow
+      you to have that data serialized/deserialized for certain
+      versions of GIMP if there were differences (such as the Grid
+      colors mentioned above).
+    - Fixes were made for retrieving image metadata via scripting.
+      GimpMetadata is now a visible child of GExiv2Metadata, so you
+      can use standard gexiv2 functions to retrieve information
+      from it.
+    - Original thumbnail metadata is also now removed on export to
+      prevent potential issues when exporting into a new format.
+</description>
+  <package>gimp</package>
+</patchinfo>

patchinfo.20260204115012215375.93181000773252/_patchinfo

@@ -0,0 +1,30 @@
+<patchinfo>
+  <issue tracker="bnc" id="1257403">VUL-0: CVE-2025-14550: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability via repeated headers when using ASGI</issue>
+  <issue tracker="bnc" id="1257406">VUL-0: CVE-2026-1285: python-Django,python3-Django,python-Django6: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods</issue>
+  <issue tracker="bnc" id="1257405">VUL-0: CVE-2026-1207: python-Django,python3-Django,python-Django6: Potential SQL injection via raster lookups on PostGIS</issue>
+  <issue tracker="cve" id="2026-1207"/>
+  <issue tracker="cve" id="2026-1312"/>
+  <issue tracker="cve" id="2026-1287"/>
+  <issue tracker="bnc" id="1257407">VUL-0: CVE-2026-1287: python-Django,python3-Django,python-Django6: Potential SQL injection in column aliases via control characters</issue>
+  <issue tracker="cve" id="2025-13473"/>
+  <issue tracker="bnc" id="1257401">VUL-0: CVE-2025-13473: python-Django,python3-Django,python-Django6: Username enumeration through timing difference in mod_wsgi authentication handler</issue>
+  <issue tracker="bnc" id="1257408">VUL-0: CVE-2026-1312: python-Django,python3-Django,python-Django6: Potential SQL injection via QuerySet.order_by and FilteredRelation</issue>
+  <issue tracker="cve" id="2025-14550"/>
+  <issue tracker="cve" id="2026-1285"/>
+  <packager>mcalabkova</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-Django</summary>
+  <description>This update for python-Django fixes the following issues:
+
+Changes in python-Django:
+
+- CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408).
+- CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407).
+- CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405).
+- CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406).
+- CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401).
+- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403).
+</description>
+  <package>python-Django</package>
+</patchinfo>

patchinfo.20260204122956065362.93181000773252/_patchinfo

@@ -1,11 +0,0 @@
-<patchinfo>
-  <packager>eroca</packager>
-  <rating>moderate</rating>
-  <category>recommended</category>
-  <summary>Recommended update for librepods</summary>
-  <description>This update for librepods fixes the following issues:
-
-Introduce librepods.
-</description>
-  <package>librepods</package>
-</patchinfo>