Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2025-10-03 15:42:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.11973 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Fri Oct 3 15:42:46 2025 rev:139 rq:1308583 version:5.2.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2025-09-05 21:42:32.010680867 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.11973/python-Django.changes 2025-10-03 15:43:34.168899845 +0200 @@ -1,0 +2,10 @@ +Thu Oct 2 09:41:30 UTC 2025 - Markéta Machová <[email protected]> + +- Update to 5.2.7 (bsc#1250485, bsc#1250487) + * CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), + aggregate(), and extra() on MySQL and MariaDB + * CVE-2025-59682: Potential partial directory-traversal via archive.extract() + * Fixed a regression in Django 5.2 that reduced the color contrast of the + label of filter_horizontal and filter_vertical widgets within a TabularInline + +------------------------------------------------------------------- Old: ---- Django-5.2.6.checksum.txt django-5.2.6.tar.gz New: ---- Django-5.2.7.checksum.txt django-5.2.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.JodoWF/_old 2025-10-03 15:43:35.340948237 +0200 +++ /var/tmp/diff_new_pack.JodoWF/_new 2025-10-03 15:43:35.344948402 +0200 @@ -26,7 +26,7 @@ %bcond_with libalternatives %endif Name: python-Django -Version: 5.2.6 +Version: 5.2.7 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-5.2.6.checksum.txt -> Django-5.2.7.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-5.2.6.checksum.txt 2025-09-05 21:42:31.754670095 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.11973/Django-5.2.7.checksum.txt 2025-10-03 15:43:25.272530344 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 5.2.6, released September 3, 2025. +source-code tarball and wheel files of Django 5.2.7, released October 1, 2025. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``3955B19851EA96EF`` and can be imported from the MIT +the ID ``131403F4D16D8DC7`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 3955B19851EA96EF + gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 or via the GitHub API: - curl https://github.com/sarahboyce.gpg | gpg --import - + curl https://github.com/jacobtylerwalls.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-5.2.6.checksum.txt + gpg --verify Django-5.2.7.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,39 +28,40 @@ Release packages ================ -https://www.djangoproject.com/download/5.2.6/tarball/ -https://www.djangoproject.com/download/5.2.6/wheel/ +https://www.djangoproject.com/download/5.2.7/tarball/ +https://www.djangoproject.com/download/5.2.7/wheel/ MD5 checksums ============= -1f0327293cc3768903ce8cd390ec3f47 django-5.2.6.tar.gz -fca0005922f8db95eb97108e3d8e0b24 django-5.2.6-py3-none-any.whl +699a77ac347ca3484939762483dc4b08 django-5.2.7.tar.gz +30df887c6ba5244acd04a278f8481a06 django-5.2.7-py3-none-any.whl SHA1 checksums ============== -ada4c057790d255039ac5fe3a31378e5fde0417a django-5.2.6.tar.gz -f92e94e9ab2e21f3d681918d67b15e7e54d348f6 django-5.2.6-py3-none-any.whl +bce22898e62c431f76348b8aae1f5d4cea7591dc django-5.2.7.tar.gz +42b63a5c8bb660e8235cd56ae18b39dce593c7ce django-5.2.7-py3-none-any.whl SHA256 checksums ================ -da5e00372763193d73cecbf71084a3848458cecf4cee36b9a1e8d318d114a87b django-5.2.6.tar.gz -60549579b1174a304b77e24a93d8d9fafe6b6c03ac16311f3e25918ea5a20058 django-5.2.6-py3-none-any.whl +e0f6f12e2551b1716a95a63a1366ca91bbcd7be059862c1b18f989b1da356cdd django-5.2.7.tar.gz +59a13a6515f787dec9d97a0438cd2efac78c8aca1c80025244b0fe507fe0754b django-5.2.7-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQHhBAEBCABLFiEE6xs4DYrFLQArrNMyOVWxmFHqlu8FAmi4JLQtHDQyMjk2NTY2 -K3NhcmFoYm95Y2VAdXNlcnMubm9yZXBseS5naXRodWIuY29tAAoJEDlVsZhR6pbv -rLQL/AmvGY0A1mnf22ZarnqGyH1pRyC7ZrhX2XtoCN6rOjYHleXDqjCIRnbJPnSP -QoKVj6C0xiWsueetEWdrQd2iwgwuAir2dZ0x4TR9ejmVqUUb/R5BakqjZ7g46lsy -GOvU+MlQjzbu1sh0T2G7DC/z019v3+/3lHGpI4HkUFpIb6EOybKW61+MbZZqQMyY -EC/bYEIzfmoJN0Hyi9FoFx0aE/kMpeEYn6wXmEVUfpW7xqXy5AsA2VpU1/nbu0xS -2R+rOljxTSTvqZknDQhr3WbS6D8m/odlcF59pVNzuBwPChz78o6PtwKLitaUy1sp -LOiunKvQYU7Syt4yz+ro+5S+4bcCsIArOe4SKvkMOCi6pFxyXNz0a8PYXpCbg5ER -PQD6RhUbpz2FFMBTeGjPM4JhrIA06A4goX0Q6PHvOLDPg1WlopSKMu5BBGL7fr/O -7jfGeDf5qKIIJ9ZfZS/flS/ebxm8cG9sF7gpbganJC0TnOWmKLdPYQzLia4zFx3f -pj+RwA== -=g/HH +iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmjdIyIACgkQExQD9NFt +jccrNhAAxBJuzYdRSWlL0lRJO/H14bZsOqzxGzLFx7uytj6mSrIWxc5+aStdkQM3 +DxDY8h9jcBqm2d7qSe0enPmqTCJKjZGgPOGDHl/d8p/cZ3l5ClEqrXw9QHiK0jff +WBdFQBSQ1YD/ZQ/W7RSgeWE3fD2Vrp7FrGMRIoy0GIJ5Fm2MDv+xi4epj/BWYNjI +MNu4dHwquo3Dfb5tdFmfjkTP9YDKbAAlEqFoj9VbtSzuhk/waTuIOqt8oOH1m7hF +fd+7+DXtYpRCQ/cw58qozG3yfgnf9loQevRfmQQa5RthEuXmixyVPrwASM6AJ+P9 +HdDS4p85+sHqyi/idXzkzml7WnTBtBMd8o9/2sVoWSEzQ8mUZ32NeMWE+A0u7hsl +krhnu1vJiqsJjAufbKZtjiuZwLHrt2iAQW1eRiW+pUGWMfqMidcMl88X1dFL3zI2 +Lgc4tt1607JRGA4aLoS0u2JQYsTu23I6fWklGq0ZxfkiAYPZ5H8o1vzk6gu+915b +0tySfttPk7DU4Qih7OLXHNeInPFSSUaKMzuKRKozWDFscHjTfxzzabCtuOP0hUCH +7ReoUJzUosxgvds8LoL07b3yP9qvA1IGDgseBxFlW3Vqv5GTwWQsTWwfVgxgP+tN +LXzQviPgWINscDdwx2uyYWpYFCCIOMYYL5pbBdb//ahug90gweM= +=RaIt -----END PGP SIGNATURE----- ++++++ django-5.2.6.tar.gz -> django-5.2.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/django-5.2.6.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.11973/django-5.2.7.tar.gz differ: char 5, line 1 ++++++ python-Django.keyring ++++++ --- /var/tmp/diff_new_pack.JodoWF/_old 2025-10-03 15:43:35.440952366 +0200 +++ /var/tmp/diff_new_pack.JodoWF/_new 2025-10-03 15:43:35.444952530 +0200 @@ -130,4 +130,56 @@ z+gZLcBuv/NdNg== =B8gH -----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGV2bPUBEADQ/fSfsrdv/aGrUmyQ1ZmZNSDqlH8GXQH+LQiqOc5QjSgq09kv +YC5H3+yRmj4ENYJrD48Mce54k99U6LXhIopmPnCwnQjhpkXFqaZt8KtlhL/5VhIc +BFSodLkEFENWzpuxOkshOJYU8RxLO6MPQGKkokEGhxUHnNW5kwmGa93Iscu04SZR +L2pAHfYsnxB2Z5HAl4Os6iy7CKP8T5UQhGxwxojvjPyRJTb3IUDifjafPl4kbQyN +GdpgVnjHQtOzoVcXCsU4ig105IzydIf5BTYng3+idmlhQ1u8JzGETdlBvCtxg1K2 +FmGD6IFzyvksdf44DNmxXmGnpMJK3y0+dpFzo33YBE3kFnYm57bwY55tdKmGnDyK +rR/1mARVOLQQYrDT6hgggNwRfqpTk28nU463LnXrLS89zaOxGQhfLm7w9kZ69WDd +UpI4RdZjA/klQJhPmLS7b8YmmZstvoZitsMgpPiexO+x7igMvWvuNyE8QL2EZ54K +6ojVObAdIbQe4LbiYCSut81F6e6tRsX3Jb46y5iUCZEkHvGsrZW6V1l/AIuYBecO +Xr5mmk5W4TpUlXTnyDFJr/FFtWfR1j2Z3ti+pZqAO4GUEUAjox+Dz/shKpmen7Qm +aj/Y/nuvD70B3c5XTWn62zTXVPYVX76sDnIuVsh/kORSP32OqMkesFKT9QARAQAB +tCdKYWNvYiBXYWxscyA8amFjb2J0eWxlcndhbGxzQGdtYWlsLmNvbT6JAlQEEwEI +AD4WIQRT1GlC4Aaio+7ci8gTFAP00W2NxwUCZXZs9QIbAwUJB4Ye+wULCQgHAgYV +CgkICwIEFgIDAQIeAQIXgAAKCRATFAP00W2NxwWVD/9ZTx8q3qsAXfOaWUNugaDM +oyUMa4bURfk82AXLVDju9fQQv/5wDlvQ+ejMDHE0pnvmQSa8bTol8y2IXO9Kl3ak +0NU3oOh3iJKk3q+FtxibGmIM5i095h2T97IBKJrZf6I1O0a9ZfMMDXbVpTeGIRDf +b55G6GG1jhdJa3SgtudUcGizlM0i7UrntUktmbnvWyYzbjWIKdYRq2W7vlEgKvNs +NZFVeO1KqLR92xUAIL+V7HtQ3TetyanYRH91Q8fZR9p+ScEOKJyfrpRa/IfrJKlg +k6MOqGeVaOd4nOX042S1+u0TU7HrVVVhL+Vru4utSYg9ZucM06wZOgR0A6Vay7Ap +Y43nGxRhc//auOJSh4nIQmtyup5+YiyKhynEnSF3pGuKXy64wVOO9XdW69bmyRxz +gAz4W5yTjmNBkQUYAGteJXo4fhDxWYzmeAIE7l5StTbgSZNLbndwmiWEyy8WzJtp +5xzluh+//39D+TUStZKG1MerhqnmJj3CBSTeeiKpW9QOtC4y2vuWzNp3XHS9FjeW +GOz5seJ5VDokkzP05XOfJ9SyblFAOW/Zteh2wdOb+S+/pUz+OukwPZthMwRsl0Dc +U+fx2mK+9I9TBJWgUHO1aXm6FlcyDnSlzc5oM4wXKF4sqByjjuCtYzK8UtEwlKNm +Pyboq4Y5RhYrW63LDl+SerkCDQRldmz1ARAAvkmAuvLXwZ86mubWYQFsmy3UKxdF +cewS8XikjsEZPvf0kYgi9wlMTRDvWlEmNGp9r4NWH36zm6uBjK9hxn+rNsiqkYez +MPTgwvxruSJWJPaFqK096Y8AMuk9SobMsydtlxuChQ3RwYo+j/v1csAdD88igzjW +3HKCzJ0e76ILdfbqlh8tJ+nbXvFgVVV2+vV996PTp4dQedc4/VzFGv00Mejkmhd3 +nUBqdmG9mgqR4LK5xWCHXSVqgdVeH0urOiEN57aOie/30q6IegkfrKCSq1zGJE5o +WApzrOqo0UEDDND6PXDuLvzVuot3M/YvKjUXx8FatJC5BLSH0I9AKBWqPGvjk07V +IoI0CexyKoJKIkGl/ZUyRsorqmqg1671HUYNAFEbIwxeJUQkjTwqUxGXSjei7t8a +wzuZsA81lhXpwt6DfuQQ9XkDrc4dfyEuvkV9PforZxz8dVlDiORw3hPYqBjbU0hy +6D4Ytq3f88azYvZF8GE4uSYzvN6XeRhLr1hnfAFfGQFdNwg4qufjo8QYoQsYe6RZ +uenL1z5vkGRUz03l11GiaOqEJDJTy3dGACeQqAjjno8UL9Nb7PUWfnZL41zOGL8s +DHee7hX2+hsRPMoiqCzJrCjU52G5qGEB8d44VjNM8y435jyfBAh8ugv4rsSonzy+ +ASe0msXK6bLxAy0AEQEAAYkCPAQYAQgAJhYhBFPUaULgBqKj7tyLyBMUA/TRbY3H +BQJldmz1AhsMBQkHhh77AAoJEBMUA/TRbY3HlA0QAI4DQ3MNfkpIZw/aKEetCaVB +LIVEfugoDcUQxiwc00G1aEuxpBdnfT5wFzUodUFJuIntGcYUMJwvAC3RB4ZANuoP +F2j/2JIp42GYhBjNSyy0ix/E2C/95HZDzsvDB4EZ0VMvec+MgAweTZhxZfdCsmId +lMWFfn3UM5FhtsOqLmw11T/6PdDgcyomrsp4ghHph9dJvMGiqXjysTSg3OMxzQeU +lzjX+6C4dY6AcpqAkeG+zRUYSQKsHQwSOxK7zon/hAA2+Gbvu+pzr0jHnatX8Fkd +eOBc6xZpnoQcubj/PXEBhXV4868jW/RNRG5ZXoQpnf63R0616JePkUKnXxs61JD9 +oBuERUPn+HK346QNgNDRhzAufPYsXlPOPtU6poZqinMhsbcpW5Konjp2yLVwosXn +UPGLzZZHy9csF3VcWV96bM8WUEkFNfflisi1nE7yqC/CKgUjK0HUFDhyNHuCICTC +e9tvw2epbaLkid0NxV+a0RWWiUq2kMeTBUezVC27P+LAZ8aTZxHPyERtJlBgTCfm +1hWJ3CcIc4LT54AS3allzTv0f6iHX9WpJhfr3WPIY1Xt/d466l3VSofktwmpTEr2 +DAECOit/CE1rFy1C+MHinAUX6C7ajg6msIE6uZHFrbHlSU8/WrbvZ1e4Nc7w7e/N +R182g26K1DaCZphtoq8Z +=0YqB +-----END PGP PUBLIC KEY BLOCK-----
