Hello community, here is the log from the commit of package python-Django for openSUSE:Factory checked in at 2019-06-05 11:38:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Django (Old) and /work/SRC/openSUSE:Factory/.python-Django.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Wed Jun 5 11:38:15 2019 rev:52 rq:707145 version:2.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Django/python-Django.changes 2019-05-08 15:15:49.328902495 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.5148/python-Django.changes 2019-06-05 11:38:17.627085107 +0200 @@ -1,0 +2,7 @@ +Mon Jun 3 11:01:44 UTC 2019 - Ondřej Súkup <mimi...@gmail.com> + +- update to 2.2.2 + * Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468) + * Fixes CVE-2019-11358: Prototype pollution + +------------------------------------------------------------------- Old: ---- Django-2.2.1.tar.gz Django-2.2.1.tar.gz.asc New: ---- Django-2.2.2.tar.gz Django-2.2.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.Czf6BQ/_old 2019-06-05 11:38:18.171085038 +0200 +++ /var/tmp/diff_new_pack.Czf6BQ/_new 2019-06-05 11:38:18.171085038 +0200 @@ -23,7 +23,7 @@ %define skip_python2 1 Name: python-Django # We want support LTS versions of Django - odd numbered 2.2 -> 2.4 -> 2.6 -> 3.0 etc -Version: 2.2.1 +Version: 2.2.2 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-2.2.1.tar.gz -> Django-2.2.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/python-Django/Django-2.2.1.tar.gz /work/SRC/openSUSE:Factory/.python-Django.new.5148/Django-2.2.2.tar.gz differ: char 5, line 1 ++++++ Django-2.2.1.tar.gz.asc -> Django-2.2.2.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Factory/python-Django/Django-2.2.1.tar.gz.asc 2019-05-08 15:15:49.300902433 +0200 +++ /work/SRC/openSUSE:Factory/.python-Django.new.5148/Django-2.2.2.tar.gz.asc 2019-06-05 11:38:17.611085109 +0200 @@ -2,16 +2,16 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.2.1, released May 1, 2019. +tarball and wheel files of Django 2.2.2, released June 3, 2019. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has -the ID ``2EF56372BA48CD1B`` and can be imported from the MIT +the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B + gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 Once the key is imported, verify this file:: @@ -24,40 +24,39 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/2.2/Django-2.2.1-py3-none-any.whl -https://www.djangoproject.com/m/releases/2.2/Django-2.2.1.tar.gz +https://www.djangoproject.com/m/releases/2.2/Django-2.2.2.tar.gz +https://www.djangoproject.com/m/releases/2.2/Django-2.2.2-py3-none-any.whl MD5 checksums ============= -8a2f51f779351edcbceda98719e07254 Django-2.2.1-py3-none-any.whl -3b1721c1b5014316e1af8b10613c7592 Django-2.2.1.tar.gz +c52b05c2bc4898bd68dc0359347fff69 Django-2.2.2.tar.gz +41fdd9254fcbce92001c6881ba5af68d Django-2.2.2-py3-none-any.whl SHA1 checksums ============== -aa28ed3cff3d5c599537bd3913a3ceed76de1a69 Django-2.2.1-py3-none-any.whl -11612623ffbaa5aa2860775b44652d75687cb982 Django-2.2.1.tar.gz +2d8de20bbc3c2864fb095341ecea8cb095bce7ed Django-2.2.2.tar.gz +3ebc7aee84574513a88d7ae765a532cfbcb88c71 Django-2.2.2-py3-none-any.whl SHA256 checksums ================ -bb407d0bb46395ca1241f829f5bd03f7e482f97f7d1936e26e98dacb201ed4ec Django-2.2.1-py3-none-any.whl -6fcc3cbd55b16f9a01f37de8bcbe286e0ea22e87096557f1511051780338eaea Django-2.2.1.tar.gz +753d30d3eb078064d2ddadfea65083c9848074a7f93d7b4dc7fa6b1380d278f5 Django-2.2.2.tar.gz +7cb67e8b934fab23b6daed7144da52e8a25a47eba7f360ca43d2b448506b01ad Django-2.2.2-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAlzJNPAbHGZlbGlzaWFr -Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bnyEP/2VAdw6zsG3cu7YEqoMj -cJChSaLPjRmVT6mWnxRJRLeVgnktCUxgsdriUhEZJ471wn9iZbLaeTQrQwmwli7c -nwK9NIuKSLVePjDd6FlW6yrxzpCp3AMqK3f9vYNVOFJJgZjQAYaFqjI2J/2iU5zS -44UsA8z/P43mx+QVtiKKPGk9brwtLjq4v0Ga1N8fsJz0DPvz3DNdethhKhubowS3 -ozx4pENpCIfldvCsFHE0sVB42h3exeOVEsjEp14n9RbAATHkRmkcAL6gyVOV01ao -klLwejMWM+d5hqN4Ewpy+uF+CD1r/ipc2vXBns3cPJYx2Nyf5FpR8wp8TViWjv3a -pjMJELUpVh0PyiSZjFCwuU3dg75iKQruS/kXme6Y9sYYxtFrSME5ethX2c12YO/2 -HP9807wXy9bAY4g2FCc1oY+qQvYjLuCWQViCbeDUvIRN8g9e9wLAKOWoTRcWR9/7 -+VI+xTsEQdisIhD93zXbD7Z5/OuiwZ+NL/AxZNP+VXzEf5/TvvkOxnFrJuMt1s+S -NNSyLaW+exqEPuu6fHV9y0AqQhqT3wEMPo4cLf5053RQ6igH156t/Lw0kwAFeSP4 -18bkdfKizHM7okNkKULOizWM4xKWZfBaPcN6F+14wBbjE1tEEFa/nk9+WK48biFB -8SC9AU5SQjCsYs0yu/Eh3mOf -=eGQf +iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAlz07+wACgkQ4X31yCtP +nQAp9g//QtCzWnDfLOgFMg6yX/ZXN6XPzTfehjq1oMkEfluXwZrrCUPL3vzLkRiL +2ftqmuvYO16qR0XU+U0939fdXkP22ESStuHJR5Ynj9NXbX2DZy39ccH6vEMD/m1p +5nIz7iS6bOcjz3ocJK/gL1LLp5lZ7q6PXkXYNYzRPMQwfbmjG2ZQHAm+6UE4f1dY +CpdMKOHDeCg6abdOsnD8CBXz5HMS2IfJAQThFJ82ZpiIRnXRs2P0dIWsovN+yIdX +EgcGNsrefNQs9/QQ9N//5ee2g1PrxUaHg2bCu5afiiHRfAFTx9StikhHK/hYvt2l +UW+i2zIPWbS3I33YE5uIROyydOHtcL0pAgmw7OkKYLnmn3KYyVaY6uZ+8WVbjFaq +KSrnFu0qsZFr8p32k95BCYHWcAhcZNIlZKgUFB9gtgmAtkheLqqpG4PYV+BwD9Ff +ipBNIzUBNLBXOuaXm4BOuDjNjklycP/trTbK+VbZyKQrNRNPhnccoYT2qWw/zZVS +wpjpZULznMoc1BvMzMMXkDyhB/y7ov92rCcIj/LRzmYNMLyh0jQygO2ej5Ij7V3U ++nLf3I2702KDYB52/KZdtsLXyWfYmYONGJUgq+P67SuV923kftL4WfXOh/3xLpVJ +MPXK+ivBkyVTRRYhkV3Ouh5AN74sJV71Isz/lCCxK7goWwzFg/8= +=QQ53 -----END PGP SIGNATURE-----
