Version in base suite: 3.2.25-0+deb12u2

Base version: python-django_3.2.25-0+deb12u2
Target version: python-django_3.2.25-0+deb12u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/python-django/python-django_3.2.25-0+deb12u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/p/python-django/python-django_3.2.25-0+deb12u3.dsc

 changelog                                         |   11 ++++++++
 patches/Workaround-changes-in-CVE-2025-6069.patch |   27 ++++++++++++++++++++++
 patches/series                                    |    1 
 3 files changed, 39 insertions(+)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvtd6cn6m/python-django_3.2.25-0+deb12u2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpvtd6cn6m/python-django_3.2.25-0+deb12u3.dsc: no acceptable signature found
diff -Nru python-django-3.2.25/debian/changelog python-django-3.2.25/debian/changelog
--- python-django-3.2.25/debian/changelog	2026-02-23 23:32:59.000000000 +0000
+++ python-django-3.2.25/debian/changelog	2026-05-26 21:32:47.000000000 +0000
@@ -1,3 +1,14 @@
+python-django (3:3.2.25-0+deb12u3) oldstable-proposed-updates; urgency=medium
+
+  * The fix for CVE-2025-6069 in the python3.11 source package (released
+    as part of a suite of updates in 3.11.2-6+deb12u7) modified the
+    html.parser.HTMLParser class in such a way that changed the behaviour of
+    Django's strip_tags() method. As a result of this change, we update the
+    testsuite here for the newly expected results in order to prevent a build
+    failure. (Closes: #1137039)
+
+ -- Chris Lamb <lamby@debian.org>  Tue, 26 May 2026 14:32:47 -0700
+
 python-django (3:3.2.25-0+deb12u2) bookworm-security; urgency=high
 
   * CVE-2025-13473: The check_password function in
diff -Nru python-django-3.2.25/debian/patches/Workaround-changes-in-CVE-2025-6069.patch python-django-3.2.25/debian/patches/Workaround-changes-in-CVE-2025-6069.patch
--- python-django-3.2.25/debian/patches/Workaround-changes-in-CVE-2025-6069.patch	1970-01-01 00:00:00.000000000 +0000
+++ python-django-3.2.25/debian/patches/Workaround-changes-in-CVE-2025-6069.patch	2026-05-26 21:32:47.000000000 +0000
@@ -0,0 +1,27 @@
+From: Chris Lamb <lamby@debian.org>
+Date: Mon, 26 Jan 2026 13:22:33 -0800
+Subject: Workaround changes in CVE-2025-6069
+
+The changes to the html.parser.HTMLParser to fix CVE-2025-6069 caused a change
+of behaviour that affected Django's strip_tags.
+---
+ tests/utils_tests/test_html.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
+index 5321341b2001..d4f1c6ae573c 100644
+--- a/tests/utils_tests/test_html.py
++++ b/tests/utils_tests/test_html.py
+@@ -89,10 +89,10 @@ class TestUtilsHtml(SimpleTestCase):
+             ('&gotcha&#;<>', '&gotcha&#;<>'),
+             ('<sc<!-- -->ript>test<<!-- -->/script>', 'ript>test'),
+             ('<script>alert()</script>&h', 'alert()h'),
+-            ('><!' + ('&' * 16000) + 'D', '><!' + ('&' * 16000) + 'D'),
++            ('><!' + ('&' * 16000) + 'D', '>'),
+             ('X<<<<br>br>br>br>X', 'XX'),
+             ("<" * 50 + "a>" * 50, ""),
+-            (">" + "<a" * 500 + "a", ">" + "<a" * 500 + "a"),
++            (">" + "<a" * 500 + "a", '>'),
+             ("<a" * 49 + "a" * 951, "<a" * 49 + "a" * 951),
+             ("<" + "a" * 1_002, "<" + "a" * 1_002),
+         )
diff -Nru python-django-3.2.25/debian/patches/series python-django-3.2.25/debian/patches/series
--- python-django-3.2.25/debian/patches/series	2026-02-23 23:32:59.000000000 +0000
+++ python-django-3.2.25/debian/patches/series	2026-05-26 21:32:47.000000000 +0000
@@ -35,3 +35,4 @@
 0037-CVE-2026-1285.patch
 0038-CVE-2026-1287.patch
 0039-CVE-2026-1312.patch
+Workaround-changes-in-CVE-2025-6069.patch