- Update to 4.2.14

* Django 4.2.14 fixes two security issues with severity “moderate” 
    and two security issues with severity “low" in 4.2.13
  * CVE-2024-38875: Potential denial-of-service vulnerability in 
    django.utils.html.urlize() (bsc#1227590)
  * CVE-2024-39329: Username enumeration through timing difference 
    for users with unusable passwords (bsc#1227593)
  * CVE-2024-39330: Potential directory-traversal via Storage.save()
    (bsc#1227594)
  * CVE-2024-39614: Potential denial-of-service vulnerability in 
    get_supported_language_variant() (bsc#1227595)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django4?expand=0&rev=2

Django-4.2.13.checksum.txt

@@ -1,67 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
-This file contains MD5, SHA1, and SHA256 checksums for the source-code
-tarball and wheel files of Django 4.2.13, released May 7, 2024.
-
-To use this file, you will need a working install of PGP or other
-compatible public-key encryption software. You will also need to have
-the Django release manager's public key in your keyring. This key has
-the ID ``2EE82A8D9470983E`` and can be imported from the MIT
-keyserver, for example, if using the open-source GNU Privacy Guard
-implementation of PGP:
-
-    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
-
-or via the GitHub API:
-
-    curl https://github.com/nessita.gpg | gpg --import -
-
-Once the key is imported, verify this file:
-
-    gpg --verify Django-4.2.13.checksum.txt
-
-Once you have verified this file, you can use normal MD5, SHA1, or SHA256
-checksumming applications to generate the checksums of the Django
-package and compare them to the checksums listed below.
-
-Release packages
-================
-
-https://www.djangoproject.com/m/releases/4.2/Django-4.2.13-py3-none-any.whl
-https://www.djangoproject.com/m/releases/4.2/Django-4.2.13.tar.gz
-
-MD5 checksums
-=============
-
-449eeffe35a7a748bf9acc4169ea7492  Django-4.2.13-py3-none-any.whl
-a243a2c1e7c0752947d16d4ffae30376  Django-4.2.13.tar.gz
-
-SHA1 checksums
-==============
-
-75a19218f248f0010685b471d1be86cad7602872  Django-4.2.13-py3-none-any.whl
-56373bedaef33ee29b2d240b6b06ebe2e1e2fc58  Django-4.2.13.tar.gz
-
-SHA256 checksums
-================
-
-a17fcba2aad3fc7d46fdb23215095dbbd64e6174bf4589171e732b18b07e426a  Django-4.2.13-py3-none-any.whl
-837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5  Django-4.2.13.tar.gz
------BEGIN PGP SIGNATURE-----
-
-iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmY6YWsoHDEyNDMwNCtu
-ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPtEKD/9S
-rZ+yadh7sQGszWtJEIZZS/YBQRcNyM+26aUkpk+3XT1SUDUs0whtX6U/P3tP+h+P
-0vIk0wxTc3RhRCp8WETYulekRhPFc5HJFwlD/vh9AkEyDKW8QFuV+IBswvlfG/wK
-D+QcuERl31Y1qcrCeFCM+XIRxGR9lQ0DuoCa1FuPl0bvAlNDOfNSmp4OzcPzGm4a
-wE9wtsHqKkL8BAc836JIXHj5wdQK+HOkOv30ZcUU+nD3Lp5N44ESzzSe7IOutN02
-PBAixmwMf6EqjHC7JN49EwiPbEDTmg5HNj7LBM1Teqp5Hms11xGMfzxsh3AbEtoT
-xeqZjrrcwoVf+wASVCKCv33Gfka45Z5X5f5G2O8//yJdLogwr6994rJ1MB7k18Yd
-ObOl17pUctdrNKWuESJXz3l2c1DPbFQNKHiqI66fFm4L/fLMubMzkDlWzWH1jqSo
-8tbSH9ATjEp/aLYKuGgr1gdazl4YbpiTkEjzFXYGmyjF7hPLT7xH2rrGCT4J7Bjc
-TGnZGXdl4yaGcC8Q0Ma5ybMv3GgEsaa1wRnbNv5nQyNXIWrt9rcMfBDwcaSkq6NR
-d7WpYUy5JT0IbR1SAazMY+NjUy+vzq26KkcUcbkoOng3guba0uPuoSphWM607MzK
-UVab1KcJwNOC7/Di4Ul9vlh7dLMVg5yG+o7kFEJU/A==
-=o/kY
------END PGP SIGNATURE-----

Django-4.2.13.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5
-size 10430886

Django-4.2.14.checksum.txt

@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This file contains MD5, SHA1, and SHA256 checksums for the source-code
+tarball and wheel files of Django 4.2.14, released July 9, 2024.
+
+To use this file, you will need a working install of PGP or other
+compatible public-key encryption software. You will also need to have
+the Django release manager's public key in your keyring. This key has
+the ID ``2EE82A8D9470983E`` and can be imported from the MIT
+keyserver, for example, if using the open-source GNU Privacy Guard
+implementation of PGP:
+
+    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
+
+or via the GitHub API:
+
+    curl https://github.com/nessita.gpg | gpg --import -
+
+Once the key is imported, verify this file:
+
+    gpg --verify Django-4.2.14.checksum.txt
+
+Once you have verified this file, you can use normal MD5, SHA1, or SHA256
+checksumming applications to generate the checksums of the Django
+package and compare them to the checksums listed below.
+
+Release packages
+================
+
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.14.tar.gz
+https://www.djangoproject.com/m/releases/4.2/Django-4.2.14-py3-none-any.whl
+
+MD5 checksums
+=============
+
+34e53943311a2603dd54c46f284136db  Django-4.2.14.tar.gz
+bf26e4c5c12ca94b7cc1b68b8792a94a  Django-4.2.14-py3-none-any.whl
+
+SHA1 checksums
+==============
+
+62b423064e3b75f038bd19729f3252135d399a8e  Django-4.2.14.tar.gz
+cdb5832c1d8e3368eaafeef6f5d0f1669ff53c45  Django-4.2.14-py3-none-any.whl
+
+SHA256 checksums
+================
+
+fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96  Django-4.2.14.tar.gz
+3ec32bc2c616ab02834b9cac93143a7dc1cdcd5b822d78ac95fc20a38c534240  Django-4.2.14-py3-none-any.whl
+-----BEGIN PGP SIGNATURE-----
+
+iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmaNQY4oHDEyNDMwNCtu
+ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPqowD/45
+Ii2nt/zw5j7orw/ZHPmQIOZw4H6PJRRG4cET3Utt6Uk0ndyLhVoqqyP2xufXgd1Q
+ciMpaQM4JBovtHo9AIlK2HJQK1gK4riGPcY+zK7PA508UBozAkzPr0lcROnC5XiY
+zitDrnqBmc7w1MdnoHXcYUBYLcahI66qQR61tkFUZzYM3SKUCtwYL9ZvV5Ev5nt2
+9gwQhvehmz1rhJlvLQMIlK/g5kueb6Z5zdmwHhkSQnIhxCX5rDgzopNZDZQoH2G3
+yVcJxsFYv3uaqzr/cDsqOajrYZLc0bdlFUlqNQa8E5jFJSBTscYGSdvzKViqcf7O
+XkeTm9C/TkR39TdzGYANzeqGZYYKs+YZunXNoHthqKEYnf0pz/ciGtkrgsODt/EV
+L60kb/xcWSMBwGEPtaPsVSRpYrdVJ7UcxbRnqORMVHLxIsz48204Dv2toqt3PUm8
+fNOTt198cphvMRDT9vpwAiOp4VjQVdM2D/rU4QEf1l6i6QcQzGdO0crMFBqAY0h3
+IpH2p5im05Bf12kOnPpxKgvYTSQtkP0RN98NbQmSMhJqm9fIZNlvQBs7FprKDAZl
+yAr2JfZT+kfY5Xy9hcwxUH6w8ahlZ7jn2vcsnL1Au1nO5ZiR5n+enMS6yH/rLsEj
+Yp176+ZHtxx4J0iJErkkd7MEf2pBCRM/7O8qr2dsYw==
+=5Gpw
+-----END PGP SIGNATURE-----

Django-4.2.14.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96
+size 10432993

python-Django4.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jul 17 14:28:50 UTC 2024 - Markéta Machová <mmachova@suse.com>
+
+- Update to 4.2.14
+  * Django 4.2.14 fixes two security issues with severity “moderate” 
+    and two security issues with severity “low" in 4.2.13
+  * CVE-2024-38875: Potential denial-of-service vulnerability in 
+    django.utils.html.urlize() (bsc#1227590)
+  * CVE-2024-39329: Username enumeration through timing difference 
+    for users with unusable passwords (bsc#1227593)
+  * CVE-2024-39330: Potential directory-traversal via Storage.save()
+    (bsc#1227594)
+  * CVE-2024-39614: Potential denial-of-service vulnerability in 
+    get_supported_language_variant() (bsc#1227595)
+
 -------------------------------------------------------------------
 Tue Jul 16 14:09:18 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
 

python-Django4.spec

@@ -24,7 +24,7 @@
 %{?sle15_python_module_pythons}
 Name:           python-Django4
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        4.2.13
+Version:        4.2.14
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause