This bug was fixed in the package python-django - 3:4.2.4-1
---------------
python-django (3:4.2.4-1) experimental; urgency=medium
* New upstream bugfix release.
-- Chris Lamb Wed, 02 Aug 2023 07:53:39 +0100
python-django (3:4.2.3-1) experimental; urgency=medium
* New upstream security release:
- CVE-2023-36053: Potential regular expression denial of service
vulnerability in EmailValidator/URLValidator.
EmailValidator and URLValidator were subject to a potential regular
expression denial of service attack via a very large number of domain
name labels of emails and URLs. (Closes: #1040225)
-- Chris Lamb Mon, 03 Jul 2023 17:28:20 +0100
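
An added illustration of the defensive pattern behind the CVE-2023-36053 entry above (not Django's code and not part of this changelog): bound the input length before any pattern matching, then check each domain label on its own. The function names and the 320-character e-mail cap are assumptions of this sketch; the 253/63 limits are the DNS name and label limits.

```python
import re

# DNS limits: a hostname is at most 253 characters, each label at most 63.
MAX_HOSTNAME_LEN = 253
MAX_LABEL_LEN = 63
# Assumed cap for this sketch: 64 (local part) + 1 ("@") + 255 (domain).
MAX_EMAIL_LEN = 320

# One label only: letters, digits and hyphens, no leading or trailing hyphen.
# It is applied per label, never to the whole name, so the work done by the
# regex engine is bounded by MAX_LABEL_LEN regardless of how many labels exist.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", re.IGNORECASE)


def is_valid_hostname(host: str) -> bool:
    """Return True for a syntactically valid ASCII DNS name (no trailing dot)."""
    # Cheap length check first: oversized input never reaches the regex.
    if not host or len(host) > MAX_HOSTNAME_LEN:
        return False
    # After the length check there can be at most 127 labels to inspect.
    return all(
        len(label) <= MAX_LABEL_LEN and LABEL_RE.fullmatch(label) is not None
        for label in host.split(".")
    )


def is_valid_email(value: str) -> bool:
    """Length-bounded e-mail check; local-part syntax is out of scope here."""
    if len(value) > MAX_EMAIL_LEN:
        return False
    local, sep, domain = value.rpartition("@")
    if not sep or not local or len(local) > 64:
        return False
    return is_valid_hostname(domain)


if __name__ == "__main__":
    # Constructed inputs: one ordinary address, one with 100,000 domain labels.
    many_labels = "user@" + "a." * 100_000 + "com"
    for sample in ("user@example.com", many_labels):
        print(len(sample), is_valid_email(sample))
```
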
python-django (3:4.2.2-1) experimental; urgency=medium
* New upstream bugfix release.
-- Chris Lamb Mon, 05 Jun 2023 08:12:54 -0700
python-django (3:4.2.1-1) experimental; urgency=high
* New upstream security release.
* CVE-2023-31047: Prevent a potential bypass of validation when uploading
multiple files using one form field.
Uploading multiple files using one form field has never been supported by
forms.FileField or forms.ImageField as only the last uploaded file was
validated. Unfortunately, the "Uploading multiple files" topic suggested
otherwise. In order to avoid the vulnerability, the ClearableFileInput and
FileInput form widgets now raise ValueError when the multiple HTML
attribute is set on them. To prevent the exception and keep the old
behavior, set the allow_multiple_selected attribute to True.
For more details on using the new attribute and handling of multiple files
through a single field, see:
(Closes: #1035467)
* Refresh patches.
-- Chris Lamb Wed, 03 May 2023 09:13:17 -0700
python-django (3:4.2-1) experimental; urgency=medium
* New upstream stable release:
This version has been designated as a long-term support (LTS) release,
which means that security and data loss fixes will be applied for at
least the next three years. It will also receive fixes for crashing bugs,
major functionality bugs in newly-introduced features, and regressions
from older versions of Django for the next eight months until December
2023.
* Bump Standards-Version to 4.6.2.
-- Chris Lamb Mon, 03 Apr 2023 12:10:10 +0100
python-django (3:4.2~rc1-1) experimental; urgency=medium
* New upstream release candidate.
-- Chris Lamb Mon, 20 Mar 2023 08:12:25 +0000
python-django (3:4.2~beta1-1) experimental; urgency=medium
* New upstream beta release.
-- Chris Lamb Mon, 20 Feb 2023 07:39:15 -0800
python-django (3:4.2~alpha1-1) experimental; urgency=medium
* New upstream release.
* Refresh patches.
* Upstream does not ship a django/contrib/admin/static/admin/fonts/README.txt
file anymore, so don't try and install it.
* Drop old debian/python3-django.NEWS file.
-- Chris Lamb Thu, 19 Jan 2023 10:44:17 -0800
python-django (3:4.1.5-1) experimental; urgency=medium
* New upstream release.
* Refresh patches.
-- Chris Lamb Tue, 03 Jan 2023 06:56:56 +0000
python-django (3:4.1.4-1) experimental; urgency=medium
* New upstream bugfix release.
-- Chris Lamb Tue, 06 Dec 2022 21:01:08 +0000
python-django (3:4.1.3-1) experimental; urgency=medium
* New upstream bugfix release.
-- Chris Lamb Wed, 02 Nov 2022 11:26:08 +0000
python-django (3:4.1.2-1) experimental; urgency=high
* New upstream security release.
- CVE-2022-41323: Prevent a potential denial-of-service vulnerability in
internationalized URLs. Internationalised URLs were subject to a potential
denial of service attack via the locale parameter. This is now escaped to
avoid this possibility.
-- Chris Lamb Tue, 04 Oct 2022 07:42:45 -0700
python-django (3:4.1.1-1) experimental; urgency=medium
* New upstream bugfix release.
* Refresh patches.
-- Chris Lamb Tue, 06 Sep 2022 10:52:34 +0100
python-django (3:4.1-1) experimental; urgency=medium
* New upstream release
* Bump epoch to ensure experimental's version is greater than unstable.
-- Chris Lamb Wed, 03 Aug 2022 07:04:46 -0700