Hello community, here is the log from the commit of package python-Django for openSUSE:Leap:15.2 checked in at 2020-03-31 07:22:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/python-Django (Old) and /work/SRC/openSUSE:Leap:15.2/.python-Django.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Django" Tue Mar 31 07:22:32 2020 rev:41 rq:788934 version:2.2.11 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/python-Django/python-Django.changes 2020-02-21 23:48:33.816472516 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python-Django.new.3160/python-Django.changes 2020-03-31 07:22:36.286404144 +0200 @@ -1,0 +2,7 @@ +Wed Mar 18 10:59:36 UTC 2020 - Ondřej Súkup <[email protected]> + +- update to 2.2.11 + * fix boo#1165022 (CVE-2020-9402) Potential SQL injection via tolerance + parameter in GIS functions and aggregates on Oracle + +------------------------------------------------------------------- @@ -6,2 +13 @@ - * fix boo#1161919 (CVE-2020 7471) Potential SQL injection via ``StringAgg(delimiter)`` - + * fix boo#1161919 (CVE-2020-7471) Potential SQL injection via ``StringAgg(delimiter)`` Old: ---- Django-2.2.10.tar.gz Django-2.2.10.tar.gz.asc New: ---- Django-2.2.11.tar.gz Django-2.2.11.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Django.spec ++++++ --- /var/tmp/diff_new_pack.rralzj/_old 2020-03-31 07:22:37.022404463 +0200 +++ /var/tmp/diff_new_pack.rralzj/_new 2020-03-31 07:22:37.026404465 +0200 @@ -23,7 +23,7 @@ %bcond_with memcached Name: python-Django # We want support LTS versions of Django - numbered 2.2 -> 3.2 -> 4.2 etc -Version: 2.2.10 +Version: 2.2.11 Release: 0 Summary: A high-level Python Web framework License: BSD-3-Clause ++++++ Django-2.2.10.tar.gz -> Django-2.2.11.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/python-Django/Django-2.2.10.tar.gz /work/SRC/openSUSE:Leap:15.2/.python-Django.new.3160/Django-2.2.11.tar.gz differ: char 5, line 1 ++++++ Django-2.2.10.tar.gz.asc -> Django-2.2.11.tar.gz.asc ++++++ --- /work/SRC/openSUSE:Leap:15.2/python-Django/Django-2.2.10.tar.gz.asc 2020-02-21 23:48:33.788472460 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python-Django.new.3160/Django-2.2.11.tar.gz.asc 2020-03-31 07:22:36.266404135 +0200 @@ -2,16 +2,16 @@ Hash: SHA256 This file contains MD5, SHA1, and SHA256 checksums for the source-code -tarball and wheel files of Django 2.2.10, released February 3, 2020. +tarball and wheel files of Django 2.2.11, released March 4, 2020. To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring; this key has -the ID ``E17DF5C82B4F9D00`` and can be imported from the MIT +the ID ``2EF56372BA48CD1B`` and can be imported from the MIT keyserver. For example, if using the open-source GNU Privacy Guard implementation of PGP: - gpg --keyserver pgp.mit.edu --recv-key E17DF5C82B4F9D00 + gpg --keyserver pgp.mit.edu --recv-key 2EF56372BA48CD1B Once the key is imported, verify this file:: @@ -24,39 +24,40 @@ Release packages: ================= -https://www.djangoproject.com/m/releases/2.2/Django-2.2.10-py3-none-any.whl -https://www.djangoproject.com/m/releases/2.2/Django-2.2.10.tar.gz +https://www.djangoproject.com/m/releases/2.2/Django-2.2.11.tar.gz +https://www.djangoproject.com/m/releases/2.2/Django-2.2.11-py3-none-any.whl MD5 checksums ============= -d24676ee3a4e112abc46f5363a608cd6 Django-2.2.10-py3-none-any.whl -10f192f8565ab137aea2dda4a4cb3d26 Django-2.2.10.tar.gz +3d8cc4ec1329c742d848c418932e488a Django-2.2.11.tar.gz +c56b564c33b2803c00bb3087d1e316c2 Django-2.2.11-py3-none-any.whl SHA1 checksums ============== -084cdc5c5e2041b0d202cd9cfc2d272f978a244b Django-2.2.10-py3-none-any.whl -86b0f5160b52cc4330d17cd69090f7f240c9fb47 Django-2.2.10.tar.gz +fcb4c862f6f769465dc1d2bbb71e7a733db8e134 Django-2.2.11.tar.gz +2a311f39a41ce4ee8f271235652fe9ed79cd851d Django-2.2.11-py3-none-any.whl SHA256 checksums ================ -9a4635813e2d498a3c01b10c701fe4a515d76dd290aaa792ccb65ca4ccb6b038 Django-2.2.10-py3-none-any.whl -1226168be1b1c7efd0e66ee79b0e0b58b2caa7ed87717909cd8a57bb13a7079a Django-2.2.10.tar.gz +65e2387e6bde531d3bb803244a2b74e0253550a9612c64a60c8c5be267b30f50 Django-2.2.11.tar.gz +b51c9c548d5c3b3ccbb133d0bebc992e8ec3f14899bce8936e6fdda6b23a1881 Django-2.2.11-py3-none-any.whl -----BEGIN PGP SIGNATURE----- -iQIzBAEBCAAdFiEE/l+2OHah1xioxnVW4X31yCtPnQAFAl432l4ACgkQ4X31yCtP -nQDn1BAAn6zw5gnrDYDq1l3EOu5msL93pTt4vlRQP398taGwmytUdlpiDBtzRwUC -wDRqOIwAoExhoxRbg5vn4oYkb+V5mYBr3ExWQpDvVRS3j4Pt+sldOUUF66JpfUEV -iyo982VN0x91Ddx1Q+KGiEd3i+p5w2VFMDh+FDM+ySBzv86t0g0errCxb6+9Je4P -MxtLgVzeGhAigoiQzJcGjr3uYxOZSNwNuxYiw/3vHpi8KmET3Bst+zLhYtr3LiAz -3+K1qWek/Wwbv/Ycj4S+6TaVjaUkeNN3LlU7JCS8HFh2FkqmBGkmw5lZKM8RO9BK -hIu8ZK8c5gzJ2I/Ez9bU1aAE2GFXBKMdvixmDMJ7NrMGATjrGOhI3mfGkG01QDKq -jcLK89d/faeb2qsNRaSFlroI4F4tEVPkvehKAeazByynpZZ30kSmr2PMQwJezAK8 -LSjOfGSpF4cQJe4d/oyQm+JfqZA0NTby+6JjFgN1Ar0DjouXsUa96m5iQgwBbNwJ -x6NqRk9fWyC73nr+MyQ2h+WaWwsW5sT2T6V6ZVaNLu3jdt9ijfhjKTsrvEIhe+Ri -7sMz57PBaSNETZgwT86aLvDE6BMP5FjJ4MKB5MGFK3q3FHTtsogj5a3WZ1lyWyt0 -WiWQzCjdIyQnrmSOLTXV6EdlThziXZor81ilDiFcMeIUr/HF8tk= -=IWbV +iQJPBAEBCAA5FiEEq7LCqM0B8WE2GLcNLvVjcrpIzRsFAl5faK4bHGZlbGlzaWFr +Lm1hcml1c3pAZ21haWwuY29tAAoJEC71Y3K6SM0bGNkP/25Kn3E7Mxc+CvjEck44 +mYy+DvQ2pXuLFGbPd8Lm+sXknwbCiOCRSCgzcslnrjLk0+0S0s0I76fR4fsPPKNe +gs44ppAdWvC7ipwp3zl8qkvEMP1a2QNTF2rq3nKXH9wSgC3jr55r7fTDdLA69nQg +wiaqcIEpIHpj/50Raac11Q6v01T6kiDQlIzR9kgoa+zt+oOcZgA5IWJSz3R2nbB5 +XtjA1kLCAHPdSKK+byu78pKX58e6eFQDmNLejjDy3j9q1CyBTEo9ZACagk23lx6N +8L9vjRPETHM0GmM0N1zblLyxDJ1plsJ2s/LwJg5DuvYCIhE++XUHLJierTyBpfa2 +dtYevLUVkkbxTcdTleTw5NxLiJahrlkOyAhyUy15YtYKwJHcf6GXjz/rTgyg5mEm +mPwIQsb+oBMJT4D0jqzHFix9wxqLeecz+PCpE8t9kaBpTFTbIBlSGTDv8i/b6C5T +M8nRGJht1aieKFjR5HPl3zB35bhHtem79RG3ZO4pZx+xmSF/LsiKBUwkBnvtB1Cc +ucLRydHIoPygOG8R361d+COvVMHcQ+Xu6dIY9ozxpAYM2Udh29thJ2T4kGsyt3dZ +c2i0tQQPHXLKitO2WVTgQfgCCL5NHuM/egOajM4lUGr6lYS6XXmMQ8DoLGbVhH1i +Tij0okR6OQAjm3BSL5jRXI5B +=1eu2 -----END PGP SIGNATURE-----
