- update to 2.1.7 (CVE-2019-6975, bsc#1124991):

* Corrected packaging error from 2.1.6
  * Memory exhaustion in django.utils.numberformat.format()
    If django.utils.numberformat.format() – used by contrib.admin as well
    as the the floatformat, filesizeformat, and intcomma templates
    filters – received a Decimal with a large number of digits or a
    large exponent, it could lead to significant memory usage
    due to a call to '{:f}'.format().
    To avoid this, decimals with more than 200 digits are now formatted
    using scientific notation.
  * Made the obj argument of InlineModelAdmin.has_add_permission() optional
    to restore backwards compatibility with third-party code that doesn’t
    provide it

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=20

Django-2.1.5.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3
-size 8612384

Django-2.1.5.tar.gz.asc

@@ -1,62 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 2.1.5, released January 4, 2019.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring; this key has
-the ID ``1E8ABDC773EDE252`` and can be imported from the MIT
-keyserver. For example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252
-
-Once the key is imported, verify this file::
-
-    gpg --verify <<THIS FILENAME>>
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages:
-=================
-
-https://www.djangoproject.com/m/releases/2.1/Django-2.1.5.tar.gz
-https://www.djangoproject.com/m/releases/2.1/Django-2.1.5-py3-none-any.whl
-
-MD5 checksums
-=============
-
-9309c48c8b92503b8969a7603a97e2a1  Django-2.1.5.tar.gz
-90ac057753cff4d5b154ef4ca3d0e1e6  Django-2.1.5-py3-none-any.whl
-
-SHA1 checksums
-==============
-
-67297b08e31b9f4562bb6813cc28b897fdcc49a5  Django-2.1.5.tar.gz
-ea100ac61c5b6288bef71488e4f5b287f3b99478  Django-2.1.5-py3-none-any.whl
-
-SHA256 checksums
-================
-
-d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3  Django-2.1.5.tar.gz
-a32c22af23634e1d11425574dce756098e015a165be02e4690179889b207c7a8  Django-2.1.5-py3-none-any.whl
------BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCAAdFiEENS9UlZg+ZfEFUeKFHoq9x3Pt4lIFAlwvY8cACgkQHoq9x3Pt
-4lLGShAAnGQDupqHxDdseKMuewzIaSKIzJqjbHwHA6L+56GVsgi+d4MMKr9x89sg
-HCP+5GCyUw0Tsm949FOY1lgcRnbhnhHW4YcwWbQgo05Qp0gGrNqMD1sP2l3uW82S
-eKMtYD1+0QP/7YXqtILzIYKTaHpw7NXHCHEsI7tTAoeXhj2VUu2L7o2D47OOX+8G
-B8nG8qTenCbCQUYRyuODKlal6OweEdkQZITFjWsVTmnh4idw91eymcrLCf7VPLq2
-am+SdYZ6US8p9+vjoBodPKGFOnRJ7fc2f6vWuu3W4X7mA3Qkzzq/rLdNRuulm62X
-LEiKiD5n8BQJXUK1dSgQz2t+aJR7VxUD7icpJA8AhrS0kJoBo5mcxO53JPK083CC
-1AaC3PI6JUM7/ZTuLP40He2nQxZ0W9OAchxSRAbNqCcqtJSJalCD4HBRqYQQH3eI
-OaKZmBnkGVjO/Yq92u/51TtT7aQuh3zm+u41C89hEnVOf5AGrEd6K4wGdTj4pFxj
-81Vi+UKtYoRp7DsExXPLCFA0zfM7yVi6oN4OYWntwGqBFKy5kHI0kjiptHLgzhyS
-zR2Vyc/ifSrN5FOeh/2AkfxqHY8vDEDCf/YQegZiO7mQUYm/wKHjtmgEQB64WeHx
-TGZjZ1xKbZvPR7hSgQragmvvVAhkCYSwu2fTUxwJs1zEIpBSxFk=
-=0YGP
------END PGP SIGNATURE-----

Django-2.1.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963
+size 8608548

Django-2.1.7.tar.gz.asc

@@ -0,0 +1,62 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 2.1.7, released February 11, 2019.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring; this key has
+the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT
+keyserver. For example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00
+
+Once the key is imported, verify this file::
+
+    gpg --verify <<THIS FILENAME>>
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages:
+=================
+
+https://www.djangoproject.com/m/releases/2.1/Django-2.1.7-py3-none-any.whl
+https://www.djangoproject.com/m/releases/2.1/Django-2.1.7.tar.gz
+
+MD5 checksums
+=============
+
+9b2efcc20342cb780630c02734553c1a  Django-2.1.7-py3-none-any.whl
+a042e6ba117d2e01950d842cceb5eee0  Django-2.1.7.tar.gz
+
+SHA1 checksums
+==============
+
+e818497e0d08208acda63bc3a5afdb85858486b0  Django-2.1.7-py3-none-any.whl
+e1529c46fd643346e6ff8c7f3ba57c398223201f  Django-2.1.7.tar.gz
+
+SHA256 checksums
+================
+
+275bec66fd2588dd517ada59b8bfb23d4a9abc5a362349139ddda3c7ff6f5ade  Django-2.1.7-py3-none-any.whl
+939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963  Django-2.1.7.tar.gz
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlxhj9UACgkQ4X31yCtP
+nQCQMRAAwlhgDkKvJSYdJH4No5t6DwnSIvz845Zq7oEnkToTo32lZOoVgGgy1f+z
+ze4bUMLqljxy6WFIL+K7QsvtCGwKcDKrP0Oi4YbPvAsQ01SplPKd66DvcIfhJMv7
+vaIAb47tCSPRvfGrL9KFSvj1mzFl8WO2+UlUbiqIojkg83Xll1Wdv9Lx7mlF423N
+5tpk1Mj3Pk8TLT5gk0ghcIYYgHsXK0eaBaGSNI+rBRPI5HDKj1VCf+c23I+PJRqh
+KMzvf2NWHbu+h8Qa4MkTDT2NEBbQvennW6Wa8WgBOZjVQ9KpMjinS4s6s5nlDskd
+FATIGDKNO48uWn3LDofKjv62EAeW5Nh6S2juHHarXPIv6W7LtPVGTS3X8xn2wXa0
+Q5YyhOyFJGEG452tfm5eqrHb6uhUfXKQngDM/fqv6gh6+gv17/kdVDAfm6Y6EEZN
+YR7lx5O94SkjQA5mLAx6+PkxWP5AbyMZY/CpakcMcR2H6xXytLcQKXjB1TRoXb9C
+NGLjlSM5X40ETlQYqAOWqo7524Tpdot2fcalyBl36UwJcp3bP5GJXy90xvuxOzGQ
+V0BfbdOAgFSj9oaa+y5JiHjHIY3wCCl0vVkmiY6HoJ3NBp040SDItuzt0PilXPFg
+GTX9jTpGQXPjDNGQ2N3nAL27/J3XYlSaH1BrG4Cysb6oAbqPAiI=
+=v5/g
+-----END PGP SIGNATURE-----

python-Django.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Feb 12 09:24:53 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
+
+- update to 2.1.7 (CVE-2019-6975, bsc#1124991):
+  * Corrected packaging error from 2.1.6
+  * Memory exhaustion in django.utils.numberformat.format()
+    If django.utils.numberformat.format() – used by contrib.admin as well
+    as the the floatformat, filesizeformat, and intcomma templates
+    filters – received a Decimal with a large number of digits or a
+    large exponent, it could lead to significant memory usage
+    due to a call to '{:f}'.format().
+    To avoid this, decimals with more than 200 digits are now formatted
+    using scientific notation.
+  * Made the obj argument of InlineModelAdmin.has_add_permission() optional
+    to restore backwards compatibility with third-party code that doesn’t
+    provide it
+
 -------------------------------------------------------------------
 Thu Jan 10 12:09:43 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
 

python-Django.spec

@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define skip_python2 1
 Name:           python-Django
-Version:        2.1.5
+Version:        2.1.7
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause