- Update to 4.2.14

* Django 4.2.14 fixes two security issues with severity “moderate” and two security issues with severity “low" in 4.2.13 * CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize() (bsc#1227590) * CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (bsc#1227593) * CVE-2024-39330: Potential directory-traversal via Storage.save() (bsc#1227594) * CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant() (bsc#1227595) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django4?expand=0&rev=2
2024-07-17 14:44:09 +00:00
parent 9ff65d6710
commit b3901740cf
6 changed files with 86 additions and 71 deletions
--- a/Django-4.2.13.checksum.txt
+++ b/Django-4.2.13.checksum.txt
@@ -1,67 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 4.2.13, released May 7, 2024.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring. This key has
 the ID ``2EE82A8D9470983E`` and can be imported from the MIT
 keyserver, for example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
 or via the GitHub API:
    curl https://github.com/nessita.gpg | gpg --import -
 Once the key is imported, verify this file:
    gpg --verify Django-4.2.13.checksum.txt
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages
 ================
 https://www.djangoproject.com/m/releases/4.2/Django-4.2.13-py3-none-any.whl
 https://www.djangoproject.com/m/releases/4.2/Django-4.2.13.tar.gz
 MD5 checksums
 =============
 449eeffe35a7a748bf9acc4169ea7492  Django-4.2.13-py3-none-any.whl
 a243a2c1e7c0752947d16d4ffae30376  Django-4.2.13.tar.gz
 SHA1 checksums
 ==============
 75a19218f248f0010685b471d1be86cad7602872  Django-4.2.13-py3-none-any.whl
 56373bedaef33ee29b2d240b6b06ebe2e1e2fc58  Django-4.2.13.tar.gz
 SHA256 checksums
 ================
 a17fcba2aad3fc7d46fdb23215095dbbd64e6174bf4589171e732b18b07e426a  Django-4.2.13-py3-none-any.whl
 837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5  Django-4.2.13.tar.gz
 -----BEGIN PGP SIGNATURE-----
 iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmY6YWsoHDEyNDMwNCtu
 ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPtEKD/9S
 rZ+yadh7sQGszWtJEIZZS/YBQRcNyM+26aUkpk+3XT1SUDUs0whtX6U/P3tP+h+P
 0vIk0wxTc3RhRCp8WETYulekRhPFc5HJFwlD/vh9AkEyDKW8QFuV+IBswvlfG/wK
 D+QcuERl31Y1qcrCeFCM+XIRxGR9lQ0DuoCa1FuPl0bvAlNDOfNSmp4OzcPzGm4a
 wE9wtsHqKkL8BAc836JIXHj5wdQK+HOkOv30ZcUU+nD3Lp5N44ESzzSe7IOutN02
 PBAixmwMf6EqjHC7JN49EwiPbEDTmg5HNj7LBM1Teqp5Hms11xGMfzxsh3AbEtoT
 xeqZjrrcwoVf+wASVCKCv33Gfka45Z5X5f5G2O8//yJdLogwr6994rJ1MB7k18Yd
 ObOl17pUctdrNKWuESJXz3l2c1DPbFQNKHiqI66fFm4L/fLMubMzkDlWzWH1jqSo
 8tbSH9ATjEp/aLYKuGgr1gdazl4YbpiTkEjzFXYGmyjF7hPLT7xH2rrGCT4J7Bjc
 TGnZGXdl4yaGcC8Q0Ma5ybMv3GgEsaa1wRnbNv5nQyNXIWrt9rcMfBDwcaSkq6NR
 d7WpYUy5JT0IbR1SAazMY+NjUy+vzq26KkcUcbkoOng3guba0uPuoSphWM607MzK
 UVab1KcJwNOC7/Di4Ul9vlh7dLMVg5yG+o7kFEJU/A==
 =o/kY
 -----END PGP SIGNATURE-----
--- a/Django-4.2.13.tar.gz
+++ b/Django-4.2.13.tar.gz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:837e3cf1f6c31347a1396a3f6b65688f2b4bb4a11c580dcb628b5afe527b68a5
 size 10430886
--- a/Django-4.2.14.checksum.txt
+++ b/Django-4.2.14.checksum.txt
@@ -0,0 +1,67 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 This file contains MD5, SHA1, and SHA256 checksums for the source-code
 tarball and wheel files of Django 4.2.14, released July 9, 2024.
 To use this file, you will need a working install of PGP or other
 compatible public-key encryption software. You will also need to have
 the Django release manager's public key in your keyring. This key has
 the ID ``2EE82A8D9470983E`` and can be imported from the MIT
 keyserver, for example, if using the open-source GNU Privacy Guard
 implementation of PGP:
    gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E
 or via the GitHub API:
    curl https://github.com/nessita.gpg | gpg --import -
 Once the key is imported, verify this file:
    gpg --verify Django-4.2.14.checksum.txt
 Once you have verified this file, you can use normal MD5, SHA1, or SHA256
 checksumming applications to generate the checksums of the Django
 package and compare them to the checksums listed below.
 Release packages
 ================
 https://www.djangoproject.com/m/releases/4.2/Django-4.2.14.tar.gz
 https://www.djangoproject.com/m/releases/4.2/Django-4.2.14-py3-none-any.whl
 MD5 checksums
 =============
 34e53943311a2603dd54c46f284136db  Django-4.2.14.tar.gz
 bf26e4c5c12ca94b7cc1b68b8792a94a  Django-4.2.14-py3-none-any.whl
 SHA1 checksums
 ==============
 62b423064e3b75f038bd19729f3252135d399a8e  Django-4.2.14.tar.gz
 cdb5832c1d8e3368eaafeef6f5d0f1669ff53c45  Django-4.2.14-py3-none-any.whl
 SHA256 checksums
 ================
 fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96  Django-4.2.14.tar.gz
 3ec32bc2c616ab02834b9cac93143a7dc1cdcd5b822d78ac95fc20a38c534240  Django-4.2.14-py3-none-any.whl
 -----BEGIN PGP SIGNATURE-----
 iQJcBAEBCABGFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmaNQY4oHDEyNDMwNCtu
 ZXNzaXRhQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbQAKCRAu6CqNlHCYPqowD/45
 Ii2nt/zw5j7orw/ZHPmQIOZw4H6PJRRG4cET3Utt6Uk0ndyLhVoqqyP2xufXgd1Q
 ciMpaQM4JBovtHo9AIlK2HJQK1gK4riGPcY+zK7PA508UBozAkzPr0lcROnC5XiY
 zitDrnqBmc7w1MdnoHXcYUBYLcahI66qQR61tkFUZzYM3SKUCtwYL9ZvV5Ev5nt2
 9gwQhvehmz1rhJlvLQMIlK/g5kueb6Z5zdmwHhkSQnIhxCX5rDgzopNZDZQoH2G3
 yVcJxsFYv3uaqzr/cDsqOajrYZLc0bdlFUlqNQa8E5jFJSBTscYGSdvzKViqcf7O
 XkeTm9C/TkR39TdzGYANzeqGZYYKs+YZunXNoHthqKEYnf0pz/ciGtkrgsODt/EV
 L60kb/xcWSMBwGEPtaPsVSRpYrdVJ7UcxbRnqORMVHLxIsz48204Dv2toqt3PUm8
 fNOTt198cphvMRDT9vpwAiOp4VjQVdM2D/rU4QEf1l6i6QcQzGdO0crMFBqAY0h3
 IpH2p5im05Bf12kOnPpxKgvYTSQtkP0RN98NbQmSMhJqm9fIZNlvQBs7FprKDAZl
 yAr2JfZT+kfY5Xy9hcwxUH6w8ahlZ7jn2vcsnL1Au1nO5ZiR5n+enMS6yH/rLsEj
 Yp176+ZHtxx4J0iJErkkd7MEf2pBCRM/7O8qr2dsYw==
 =5Gpw
 -----END PGP SIGNATURE-----
--- a/Django-4.2.14.tar.gz
+++ b/Django-4.2.14.tar.gz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:fc6919875a6226c7ffcae1a7d51e0f2ceaf6f160393180818f6c95f51b1e7b96
 size 10432993
--- a/python-Django4.changes
+++ b/python-Django4.changes
@@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Wed Jul 17 14:28:50 UTC 2024 - Markéta Machová <mmachova@suse.com>
 - Update to 4.2.14
  * Django 4.2.14 fixes two security issues with severity “moderate” 
    and two security issues with severity “low" in 4.2.13
  * CVE-2024-38875: Potential denial-of-service vulnerability in 
    django.utils.html.urlize() (bsc#1227590)
  * CVE-2024-39329: Username enumeration through timing difference 
    for users with unusable passwords (bsc#1227593)
  * CVE-2024-39330: Potential directory-traversal via Storage.save()
    (bsc#1227594)
  * CVE-2024-39614: Potential denial-of-service vulnerability in 
    get_supported_language_variant() (bsc#1227595)
 -------------------------------------------------------------------
 Tue Jul 16 14:09:18 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
--- a/python-Django4.spec
+++ b/python-Django4.spec
@@ -24,7 +24,7 @@
 %{?sle15_python_module_pythons}
 Name:           python-Django4
 # We want support LTS versions of Django -  numbered 2.2 -> 3.2 -> 4.2 etc
-Version:        4.2.13
+Version:        4.2.14
 Release:        0
 Summary:        A high-level Python Web framework
 License:        BSD-3-Clause