python-django (2:4.1~alpha1-1) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 2:3.2.13-1 < 2:4.1~alpha1-1.

Git: https://salsa.debian.org/python-team/packages/python-django.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/sid
Path: debian/changelog
Browser: https://salsa.debian.org/python-team/packages/python-django
Last scan: 2022-05-18 21:32:31+00
Next scan: 2022-05-26 14:58:00+00

Debian changelog in Git:

python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra().

      QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
      injection in column aliases, using a suitably crafted dictionary, with
      dictionary expansion, as the **kwargs passed to these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
      on PostgreSQL.

      QuerySet.explain() method was subject to SQL injection in option names,
      using a suitably crafted dictionary, with dictionary expansion, as the
      **options argument.

    See <https://www.djangoproject.com/weblog/2022/apr/11/security-releases/>
    for more info.

 -- Chris Lamb <lamby@debian.org>  Tue, 12 Apr 2022 18:22:30 +0200

This branch is even with tag debian/2%3.2.13-1