Version in base suite: 4.2.28-0+deb13u1 Base version: python-django_4.2.28-0+deb13u1 Target version: python-django_4.2.28-0+deb13u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/python-django/python-django_4.2.28-0+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/python-django/python-django_4.2.28-0+deb13u2.dsc changelog | 11 ++++++++ patches/0006-Workaround-changes-in-CVE-2025-6069.patch | 23 +++++++++++++++++ patches/series | 1 3 files changed, 35 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpl53nqlhp/python-django_4.2.28-0+deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpl53nqlhp/python-django_4.2.28-0+deb13u2.dsc: no acceptable signature found
diff -Nru python-django-4.2.28/debian/changelog python-django-4.2.28/debian/changelog
--- python-django-4.2.28/debian/changelog 2026-02-18 22:44:14.000000000 +0000
+++ python-django-4.2.28/debian/changelog 2026-05-26 21:35:49.000000000 +0000
@@ -1,3 +1,14 @@
+python-django (3:4.2.28-0+deb13u2) stable-proposed-updates; urgency=medium
+
+ * The fix for CVE-2025-6069 in the python3.13 source package (released
+ as part of a suite of updates in 3.13.5-2+deb13u2) modified Python's
+ html.parser.HTMLParser class in such a way that changed the behaviour of
+ Django's strip_tags() method. As a result of this change, we update the
+ testsuite here for the newly expected results in order to prevent a build
+ failure. (Closes: #1137039)
+
+ -- Chris Lamb Tue, 26 May 2026 14:35:49 -0700
+
 python-django (3:4.2.28-0+deb13u1) trixie-security; urgency=high
 
 * New upstream security release:
diff -Nru python-django-4.2.28/debian/patches/0006-Workaround-changes-in-CVE-2025-6069.patch python-django-4.2.28/debian/patches/0006-Workaround-changes-in-CVE-2025-6069.patch
--- python-django-4.2.28/debian/patches/0006-Workaround-changes-in-CVE-2025-6069.patch 1970-01-01 00:00:00.000000000 +0000
+++ python-django-4.2.28/debian/patches/0006-Workaround-changes-in-CVE-2025-6069.patch 2026-05-26 21:35:49.000000000 +0000
@@ -0,0 +1,23 @@
+From: Chris Lamb
+Date: Fri, 22 May 2026 11:20:52 -0700
+Subject: Workaround changes in CVE-2025-6069
+
+---
+ tests/utils_tests/test_html.py | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py
+index a5acc582f7b4..9c5f5e7ecc6f 100644
+--- a/tests/utils_tests/test_html.py
++++ b/tests/utils_tests/test_html.py
+@@ -116,9 +116,7 @@ class TestUtilsHtml(SimpleTestCase):
+ (3, 8): (3, 8, math.inf),
+ }
+ major_version = sys.version_info[:2]
+- htmlparser_fixed_security = sys.version_info >= min_fixed_security.get(
+- major_version, major_version
+- )
++ htmlparser_fixed_security = True
+ htmlparser_fixed_incomplete_entities = (
+ sys.version_info
+ >= min_fixed_incomplete_entities.get(major_version, major_version)
diff -Nru python-django-4.2.28/debian/patches/series python-django-4.2.28/debian/patches/series
--- python-django-4.2.28/debian/patches/series 2026-02-18 22:44:14.000000000 +0000
+++ python-django-4.2.28/debian/patches/series 2026-05-26 21:35:49.000000000 +0000
@@ -3,3 +3,4 @@
 0004-Use-locally-installed-documentation-sources.patch
 0004-Set-the-default-shebang-to-new-projects-to-use-Pytho.patch
 py313-test-help-default-options-with-custom-arguments.patch
+0006-Workaround-changes-in-CVE-2025-6069.patch
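Review bot: The replacement line `htmlparser_fixed_security = True` in 0006-Workaround-changes-in-CVE-2025-6069.patch drops the interpreter version gate without recording why, so the test now expects post-fix strip_tags() output under every Python it runs on. I would put the reason on the line itself, e.g. `htmlparser_fixed_security = True  # Debian: python3.13 3.13.5-2+deb13u2 backports the CVE-2025-6069 HTMLParser change`. Because the expectation is now unconditional, a build against a python3.13 older than that upload would presumably fail these assertions; this debdiff touches only changelog, the patch and series, so no versioned build-dependency is added here, and it is worth confirming whether one is needed. The patch header also carries no `Forwarded:` or `Bug-Debian:` field tying it to #1137039. The enclosing test method starts and ends outside the inner hunk, so how the flag is consumed is not visible here.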