Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2019-02-14 14:12:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Thu Feb 14 14:12:49 2019 rev:48 rq:673591 version:2.1.7 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2019-01-15 09:13:25.378399956 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.28833/python-Django.changes 2019-02-14 14:12:51.596236321 +0100 @@ -1,0 +2,17 @@ +Tue Feb 12 09:24:53 UTC 2019 - Thomas Bechtold <[email protected]> + +- update to 2.1.7 (CVE-2019-6975, bsc#1124991): + * Corrected packaging error from 2.1.6 + * Memory exhaustion in django.utils.numberformat.format() + If django.utils.numberformat.format() – used by contrib.admin as well + as the the floatformat, filesizeformat, and intcomma templates + filters – received a Decimal with a large number of digits or a + large exponent, it could lead to significant memory usage + due to a call to '{:f}'.format(). + To avoid this, decimals with more than 200 digits are now formatted + using scientific notation. + * Made the obj argument of InlineModelAdmin.has_add_permission() optional + to restore backwards compatibility with third-party code that doesn’t + provide it + +------------------------------------------------------------------- Old: ---- Django-2.1.5.tar.gz Django-2.1.5.tar.gz.asc New: ---- Django-2.1.7.tar.gz Django-2.1.7.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.fnTBWb/_old 2019-02-14 14:12:52.188236028 +0100 +++ /var/tmp/diff_new_pack.fnTBWb/_new 2019-02-14 14:12:52.192236026 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-Django -Version: 2.1.5 +Version: 2.1.7 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-2.1.5.tar.gz -> Django-2.1.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-2.1.5.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.28833/Django-2.1.7.tar.gz differ: char 5, line 1 ++++++ Django-2.1.5.tar.gz.asc -> Django-2.1.7.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-2.1.5.tar.gz.asc 2019-01-15 09:13:25.362399971 +0100 +++ /work/SRC/openSUSE:Factory/.python-Django.new.28833/Django-2.1.7.tar.gz.asc 2019-02-14 14:12:51.580236329 +0100 @@ -2,16 +2,16 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.1.5, released January 4, 2019. +tarball and wheel files of Django 2.1.7, released February 11, 2019. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has -the ID ``1E8ABDC773EDE252`` and can be imported from the MIT +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 1E8ABDC773EDE252 + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 Once the key is imported, verify this file:: @@ -24,39 +24,39 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/2.1/Django-2.1.5.tar.gz -https://www.djangoproject.com/m/releases/2.1/Django-2.1.5-py3-none-any.whl +https://www.djangoproject.com/m/releases/2.1/Django-2.1.7-py3-none-any.whl +https://www.djangoproject.com/m/releases/2.1/Django-2.1.7.tar.gz MD5 checksums ============= -9309c48c8b92503b8969a7603a97e2a1 Django-2.1.5.tar.gz -90ac057753cff4d5b154ef4ca3d0e1e6 Django-2.1.5-py3-none-any.whl +9b2efcc20342cb780630c02734553c1a Django-2.1.7-py3-none-any.whl +a042e6ba117d2e01950d842cceb5eee0 Django-2.1.7.tar.gz SHA1 checksums ============== -67297b08e31b9f4562bb6813cc28b897fdcc49a5 Django-2.1.5.tar.gz -ea100ac61c5b6288bef71488e4f5b287f3b99478 Django-2.1.5-py3-none-any.whl +e818497e0d08208acda63bc3a5afdb85858486b0 Django-2.1.7-py3-none-any.whl +e1529c46fd643346e6ff8c7f3ba57c398223201f Django-2.1.7.tar.gz SHA256 checksums ================ -d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 Django-2.1.5.tar.gz -a32c22af23634e1d11425574dce756098e015a165be02e4690179889b207c7a8 Django-2.1.5-py3-none-any.whl +275bec66fd2588dd517ada59b8bfb23d4a9abc5a362349139ddda3c7ff6f5ade Django-2.1.7-py3-none-any.whl +939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963 Django-2.1.7.tar.gz -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEENS9UlZg+ZfEFUeKFHoq9x3Pt4lIFAlwvY8cACgkQHoq9x3Pt -4lLGShAAnGQDupqHxDdseKMuewzIaSKIzJqjbHwHA6L+56GVsgi+d4MMKr9x89sg -HCP+5GCyUw0Tsm949FOY1lgcRnbhnhHW4YcwWbQgo05Qp0gGrNqMD1sP2l3uW82S -eKMtYD1+0QP/7YXqtILzIYKTaHpw7NXHCHEsI7tTAoeXhj2VUu2L7o2D47OOX+8G -B8nG8qTenCbCQUYRyuODKlal6OweEdkQZITFjWsVTmnh4idw91eymcrLCf7VPLq2 -am+SdYZ6US8p9+vjoBodPKGFOnRJ7fc2f6vWuu3W4X7mA3Qkzzq/rLdNRuulm62X -LEiKiD5n8BQJXUK1dSgQz2t+aJR7VxUD7icpJA8AhrS0kJoBo5mcxO53JPK083CC -1AaC3PI6JUM7/ZTuLP40He2nQxZ0W9OAchxSRAbNqCcqtJSJalCD4HBRqYQQH3eI -OaKZmBnkGVjO/Yq92u/51TtT7aQuh3zm+u41C89hEnVOf5AGrEd6K4wGdTj4pFxj -81Vi+UKtYoRp7DsExXPLCFA0zfM7yVi6oN4OYWntwGqBFKy5kHI0kjiptHLgzhyS -zR2Vyc/ifSrN5FOeh/2AkfxqHY8vDEDCf/YQegZiO7mQUYm/wKHjtmgEQB64WeHx -TGZjZ1xKbZvPR7hSgQragmvvVAhkCYSwu2fTUxwJs1zEIpBSxFk= -=0YGP +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlxhj9UACgkQ4X31yCtP +nQCQMRAAwlhgDkKvJSYdJH4No5t6DwnSIvz845Zq7oEnkToTo32lZOoVgGgy1f+z +ze4bUMLqljxy6WFIL+K7QsvtCGwKcDKrP0Oi4YbPvAsQ01SplPKd66DvcIfhJMv7 +vaIAb47tCSPRvfGrL9KFSvj1mzFl8WO2+UlUbiqIojkg83Xll1Wdv9Lx7mlF423N +5tpk1Mj3Pk8TLT5gk0ghcIYYgHsXK0eaBaGSNI+rBRPI5HDKj1VCf+c23I+PJRqh +KMzvf2NWHbu+h8Qa4MkTDT2NEBbQvennW6Wa8WgBOZjVQ9KpMjinS4s6s5nlDskd +FATIGDKNO48uWn3LDofKjv62EAeW5Nh6S2juHHarXPIv6W7LtPVGTS3X8xn2wXa0 +Q5YyhOyFJGEG452tfm5eqrHb6uhUfXKQngDM/fqv6gh6+gv17/kdVDAfm6Y6EEZN +YR7lx5O94SkjQA5mLAx6+PkxWP5AbyMZY/CpakcMcR2H6xXytLcQKXjB1TRoXb9C +NGLjlSM5X40ETlQYqAOWqo7524Tpdot2fcalyBl36UwJcp3bP5GJXy90xvuxOzGQ +V0BfbdOAgFSj9oaa+y5JiHjHIY3wCCl0vVkmiY6HoJ3NBp040SDItuzt0PilXPFg +GTX9jTpGQXPjDNGQ2N3nAL27/J3XYlSaH1BrG4Cysb6oAbqPAiI= +=v5/g -----END PGP SIGNATURE-----
