• Bug#1106747: marked as done (django-select2: CVE-2025-48383) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Fri May 30 02:30:01 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <envelope@ftp-master.debian.org>)
    id 1uKnSk-007OBD-FY; Fri, 30 May 2025 00:19:06 +0000
    From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
    Reply-To: Colin Watson <cjwatson@debian.org>
    To: 1106747-close@bugs.debian.org
    X-DAK: dak process-upload
    X-Debian: DAK
    X-Debian-Package: django-select2
    Debian: DAK
    Debian-Changes: django-select2_7.10.0-2_source.changes
    Debian-Source: django-select2
    Debian-Version: 7.10.0-2
    Debian-Architecture: source
    Debian-Suite: unstable
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1106747: fixed in django-select2 7.10.0-2
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============5736119253748525998=="
    Message-Id: <E1uKnSk-007OBD-FY@fasolo.debian.org>
    Date: Fri, 30 May 2025 00:19:06 +0000

    --===============5736119253748525998==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: django-select2
    Source-Version: 7.10.0-2
    Done: Colin Watson <cjwatson@debian.org>

    We believe that the bug you reported is fixed in the latest version of django-select2, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to 1106747@bugs.debian.org,
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Colin Watson <cjwatson@debian.org> (supplier of updated django-select2 package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 30 May 2025 00:53:51 +0100
    Source: django-select2
    Architecture: source
    Version: 7.10.0-2
    Distribution: unstable
    Urgency: medium
    Maintainer: Debian Python Team <team+python@tracker.debian.org>
    Changed-By: Colin Watson <cjwatson@debian.org>
    Closes: 1106747
    Changes:
    django-select2 (7.10.0-2) unstable; urgency=medium
    .
    * Team upload.
    * CVE-2025-48383: Fix leak of secret access tokens across requests
    (closes: #1106747).
    * use-local-select2.patch: Update tests to match.
    * Fix running of tests during build.
    * Enable autopkgtest-pkg-pybuild.
    Checksums-Sha1:
    d6aa56ec16a0c70dd87053f16f1e4a997d24214d 2437 django-select2_7.10.0-2.dsc
    5a0fe3a029e7fdc163085cdeb7e936398c0d1de2 4592 django-select2_7.10.0-2.debian.tar.xz
    Checksums-Sha256:
    ad2a5de52c579003f397e0239eedf0f2d87a74e3e515f5f49385ff42b87eef82 2437 django-select2_7.10.0-2.dsc
    a2d69101c608a7f0417704c028efa3cdd6059cbf29b7639b2d16c0f76e89eab2 4592 django-select2_7.10.0-2.debian.tar.xz
    Files:
    0b383d65385ea28f1a80defc32a3d13d 2437 python optional django-select2_7.10.0-2.dsc
    a1a6ee2e2149b79d18ddcef806466d3f 4592 python optional django-select2_7.10.0-2.debian.tar.xz

    --===============5736119253748525998==--
