Comment 4 for bug 2022089

Lucas Kanashiro (lucaskanashiro) wrote : Re: Update to version 4.2 for mantic

This bug was fixed in the package python-django - 3:4.2.4-1

---------------
python-django (3:4.2.4-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/4.2/releases/4.2.4/>

 -- Chris Lamb <email address hidden> Wed, 02 Aug 2023 07:53:39 +0100

python-django (3:4.2.3-1) experimental; urgency=medium

  * New upstream security release:

    - CVE-2023-36053: Potential regular expression denial of service
      vulnerability in EmailValidator/URLValidator.

      EmailValidator and URLValidator were subject to potential regular
      expression denial of service attack via a very large number of domain
      name labels of emails and URLs. (Closes: #1040225)

 -- Chris Lamb <email address hidden> Mon, 03 Jul 2023 17:28:20 +0100

python-django (3:4.2.2-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/4.2/releases/4.2.2/>

 -- Chris Lamb <email address hidden> Mon, 05 Jun 2023 08:12:54 -0700

python-django (3:4.2.1-1) experimental; urgency=high

  * New upstream security release.
  * CVE-2023-31047: Prevent a potential bypass of validation when uploading
    multiple files using one form field.

    Uploading multiple files using one form field has never been supported by
    forms.FileField or forms.ImageField as only the last uploaded file was
    validated. Unfortunately, the "Uploading multiple files" topic suggested
    otherwise. In order to avoid the vulnerability, the ClearableFileInput and
    FileInput form widgets now raise ValueError when the multiple HTML
    attribute is set on them. To prevent the exception and keep the old
    behavior, set the allow_multiple_selected attribute to True.

    For more details on using the new attribute and handling of multiple files
    through a single field, see:

      <https://docs.djangoproject.com/en/stable/topics/http/file-uploads/#uploading-multiple-files>

    (Closes: #1035467)

  * Refresh patches.

 -- Chris Lamb <email address hidden> Wed, 03 May 2023 09:13:17 -0700

python-django (3:4.2-1) experimental; urgency=medium

  * New upstream stable release:

      This version has been designated as a long-term support (LTS) release,
      which means that security and data loss fixes will be applied for at
      least the next three years. It will also receive fixes for crashing bugs,
      major functionality bugs in newly-introduced features, and regressions
      from older versions of Django for the next eight months until December
      2023.

        -- <https://www.djangoproject.com/weblog/2023/apr/03/django-42-released/>

  * Bump Standards-Version to 4.6.2.

 -- Chris Lamb <email address hidden> Mon, 03 Apr 2023 12:10:10 +0100

python-django (3:4.2~rc1-1) experimental; urgency=medium

  * New upstream release candidate.

 -- Chris Lamb <email address hidden> Mon, 20 Mar 2023 08:12:25 +0000

python-django (3:4.2~beta1-1) experimental; urgency=medium

  * New upstream beta release.
    <https://www.djangoproject.com/weblog/2023/feb/20/django-42-beta-1-released/>

 -- Chris Lamb <email address hidden> Mon, 20 Feb 2023 07:39:15 -0800

python-django (3:4.2~alpha1-1) experimental; urgency=medium

  * New upstream release.
    <https://www.djangoproject.com/weblog/2023/jan/17/django-42-alpha-1-released/>
  * Refresh patches.
  * Upstream does not ship a django/contrib/admin/static/admin/fonts/README.txt
    file anymore, so don't try and install it.
  * Drop old debian/python3-django.NEWS file.

 -- Chris Lamb <email address hidden> Thu, 19 Jan 2023 10:44:17 -0800

python-django (3:4.1.5-1) experimental; urgency=medium

  * New upstream release.
    <https://docs.djangoproject.com/en/4.1/releases/4.1.5/>
  * Refresh patches.

 -- Chris Lamb <email address hidden> Tue, 03 Jan 2023 06:56:56 +0000

python-django (3:4.1.4-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/4.1/releases/4.1.4/>

 -- Chris Lamb <email address hidden> Tue, 06 Dec 2022 21:01:08 +0000

python-django (3:4.1.3-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/4.1/releases/4.1.3/>

 -- Chris Lamb <email address hidden> Wed, 02 Nov 2022 11:26:08 +0000

python-django (3:4.1.2-1) experimental; urgency=high

  * New upstream security release.
    <https://www.djangoproject.com/weblog/2022/oct/04/security-releases/>

    - CVE-2022-41323: Prevent a potential denial-of-service vulnerability in
      internationalized URLs. Internationalised URLs were subject to potential
      denial of service attack via the locale parameter. This is now escaped to
      avoid this possibility.

 -- Chris Lamb <email address hidden> Tue, 04 Oct 2022 07:42:45 -0700

python-django (3:4.1.1-1) experimental; urgency=medium

  * New upstream bugfix release.
    <https://docs.djangoproject.com/en/4.1/releases/4.1.1/>
  * Refresh patches.

 -- Chris Lamb <email address hidden> Tue, 06 Sep 2022 10:52:34 +0100

python-django (3:4.1-1) experimental; urgency=medium

  * New upstream release
    <https://www.djangoproject.com/weblog/2022/aug/03/django-41-released/>
  * Bump epoch to ensure experimental's version is greater than unstable.

 -- Chris Lamb <email address hidden> Wed, 03 Aug 2022 07:04:46 -0700