Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2026-04-16 17:25:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Thu Apr 16 17:25:27 2026 rev:147 rq:1345439 version:5.2.13 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2026-03-05 17:17:21.824155178 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.11940/python-Django.changes 2026-04-16 17:25:49.252594382 +0200 @@ -1,0 +2,15 @@ +Thu Apr 9 06:54:26 UTC 2026 - Markéta Machová <[email protected]> + +- Update to 5.2.13 + * CVE-2026-3902: ASGI header spoofing via underscore/hyphen + conflation (bsc#1261729) + * CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin + (bsc#1261731) + * CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable + (bsc#1261732) + * CVE-2026-33033: Potential denial-of-service vulnerability in + MultiPartParser via base64-encoded file upload (bsc#1261722) + * CVE-2026-33034: Potential denial-of-service vulnerability in + ASGI requests via memory upload limit bypass (bsc#1261724) + +------------------------------------------------------------------- Old: ---- Django-5.2.12.checksum.txt django-5.2.12.tar.gz New: ---- Django-5.2.13.checksum.txt django-5.2.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.jQWmcA/_old 2026-04-16 17:25:50.064627837 +0200 +++ /var/tmp/diff_new_pack.jQWmcA/_new 2026-04-16 17:25:50.068628001 +0200 @@ -26,7 +26,7 @@ %bcond_with libalternatives %endif Name: python-Django -Version: 5.2.12 +Version: 5.2.13 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-5.2.12.checksum.txt -> Django-5.2.13.checksum.txt ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-5.2.12.checksum.txt 2026-03-05 17:17:20.496100216 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.11940/Django-5.2.13.checksum.txt 2026-04-16 17:25:49.048585976 +0200 @@ -2,24 +2,24 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the -source-code tarball and wheel files of Django 5.2.12, released March 3, 2026. +source-code tarball and wheel files of Django 5.2.13, released April 7, 2026. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``2EE82A8D9470983E`` and can be imported from the MIT +the ID ``131403F4D16D8DC7`` and can be imported from the MIT keyserver, for example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EE82A8D9470983E + gpg --keyserver pgp.mit.edu --recv-key 131403F4D16D8DC7 or via the GitHub API: - curl https://github.com/nessita.gpg | gpg --import - + curl https://github.com/jacobtylerwalls.gpg | gpg --import - Once the key is imported, verify this file: - gpg --verify Django-5.2.12.checksum.txt + gpg --verify Django-5.2.13.checksum.txt Once you have verified this file, you can use normal MD5, SHA1, or SHA256 checksumming applications to generate the checksums of the Django @@ -28,40 +28,40 @@ Release packages ================ -https://www.djangoproject.com/download/5.2.12/tarball/ -https://www.djangoproject.com/download/5.2.12/wheel/ +https://www.djangoproject.com/download/5.2.13/tarball/ +https://www.djangoproject.com/download/5.2.13/wheel/ MD5 checksums ============= -9b60bb1145abcc97d276694f3f82a3b8 django-5.2.12.tar.gz -67ace8128da08ee1e8b507157a638209 django-5.2.12-py3-none-any.whl +4af55cc09a3d1a828259ad0c05330e6b django-5.2.13.tar.gz +0d31cbcebcd7d6deb683d6ff3b914836 django-5.2.13-py3-none-any.whl SHA1 checksums ============== -60c1c6273fe16eeb82cc0c7b330c10508c244353 django-5.2.12.tar.gz -2d4bcf5b9ba0c369400f85e1d194cc0a0931686c django-5.2.12-py3-none-any.whl +87eb3824b2a0369275def77599ff4530690941bc django-5.2.13.tar.gz +0dc6d3892d241ece71c779ef7746b1f9a881031d django-5.2.13-py3-none-any.whl SHA256 checksums ================ -6b809af7165c73eff5ce1c87fdae75d4da6520d6667f86401ecf55b681eb1eeb django-5.2.12.tar.gz -4853482f395c3a151937f6991272540fcbf531464f254a347bf7c89f53c8cff7 django-5.2.12-py3-none-any.whl +a31589db5188d074c63f0945c3888fad104627dfcc236fb2b97f71f89da33bc4 django-5.2.13.tar.gz +5788fce61da23788a8ce6f02583765ab060d396720924789f97fa42119d37f7a django-5.2.13-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEEW1sboQ2FrHxcduOPLugqjZRwmD4FAmmm0cMACgkQLugqjZRw -mD7tJg//SZ8Kcc2QxdSBH06I+eZ9yklt0Q+Syh6kcOcXeKXwnEeP0nojFRBH/vR3 -kiZNA4Bu657z93MzKHa0SIRdJ+CCeuKMhn/Ybkv/QrGa3PvN/3fp+N2XQdDyKxzY -WsGGKg3L20LuBW4GtJTjWqRgZ/+DnZkUb/gJYd/OMUIYkY16HjUK85Q2TTQAQpSz -SvtBXRVXrZV8+QxCScrFjmIbVrPjnumrTU97T1ne63wdf/IS08ijL4rwFSr+6/cg -T81uI2HKDwN2DEixLhMcy58a4ujNSTai+sxTydvk6xi28Sih4rIU/o3sIpi/LuXd -mXZ6yXgOjiq5/XaGStnNBNuBCPEKgNFXqQfuOS7DqyE0fbgKXLQY3ptjef9EE9av -vCYXxhOYnBcsCPzxzeS+hgAupRMR5YDSLmoS5eXDhpVvWORRfcuaReCIxYXRir1R -Wh0+xh3KW6/kmEsUrpJoYzMmKAGgWzojff3sPxv5Cf1ZP50FPStvvPEjQCpgWmFY -IhtQTKdPJ9exqvFAVyHjUNhrEZnbDZg9ySkszgjyeKgiIjtGcAT9FxrifWO2MbnE -oO+eQSKJupMWBW2ZqdkIqqRFpj/NqCWZHiRBJ9k1fSOeEe50VumhnvcINdM31niO -BA0/JfgwrskTDZpHHWX9McAXDDFt2xWT7mkPSdEOohHKTWonGPM= -=Bg/K +iQIzBAEBCAAdFiEEU9RpQuAGoqPu3IvIExQD9NFtjccFAmnU7H8ACgkQExQD9NFt +jccOQA/9HS6D0F08hW8a50GtHp+vVqqMSpjUrV0rly+dVxZcCRjsqmdKsWO43xhM +lldYa8rHobvbMbqbTSd2mz5GOn5Yx+G+PfiD7V1vKOpVWefJEDzmRBgw3ZMO4kD5 +WzlBZm7X8sRF6LpnKbJQqbhrXSZRvDrRTFB8K0Iduwz29mLVVopedXumimybN/Bh +Kj8lYVHI64psBCKXtota5knVNz0OozybHoMW9oAhsAj0qQbpHdFh4kdaVkwNuts6 +Zihc9kMsG+w8bsOyzMttTi6rMa6zLRjrlGxBkV5sO+3saVJJVYDqKFkr/Zc9WOsS +OJX5+Xtlb5JHCntHv0O5T+VqFopmQEHaIkNWKoKh4MoFl/Zy8lwaX/ydAspMKeYS +9yd8bc7Se5QXEOB5UsR9VuaUDtCpQ7n1NxwWJfEYrUBFyCojfJeP2QSFnG81ZCtj +mf1v45PWDYpLTRtOzSMtvfkg2wMaGYK2FfRzcGuqG7dc7/+RFCjsQr8UNkLWF6Td +DKkl0KrLS1hghkyxyULBSojUc8u4ZCVuxvWwcpcgMYAEknnFGSK9WIu0JCN650QY +3tvQSw9TCu4EZryXsDrVco/5FScYDDCb/aTW+MEIvVd57Sehnh7p5uuYp4uGSXwv +SJLjGsVTH56NzYRn8SLIEgfzXAx7yvgm7kFTTw8j1hd69WX8+4I= +=Qbre -----END PGP SIGNATURE----- ++++++ django-5.2.12.tar.gz -> django-5.2.13.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/django-5.2.12.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.11940/django-5.2.13.tar.gz differ: char 5, line 1
