Your message dated Wed, 21 Jan 2015 13:04:01 +0000
with message-id <[email protected]>
and subject line Bug#775375: fixed in python-django 1.7.1-1.1
has caused the Debian Bug report #775375,
regarding python-django: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
775375: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775375
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1.7.1-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for python-django.
CVE-2015-0219[0]:
WSGI header spoofing via underscore/dash conflation
CVE-2015-0220[1]:
Mitigated possible XSS attack via user-supplied redirect URLs
CVE-2015-0221[2]:
Denial-of-service attack against django.views.static.serve
CVE-2015-0222[3]:
Database denial-of-service with ModelMultipleChoiceField
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0219
[1] https://security-tracker.debian.org/tracker/CVE-2015-0220
[2] https://security-tracker.debian.org/tracker/CVE-2015-0221
[3] https://security-tracker.debian.org/tracker/CVE-2015-0222
[4] https://www.djangoproject.com/weblog/2015/jan/13/security/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1.7.1-1.1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Neil Williams <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 16 Jan 2015 23:05:55 +0000
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1.7.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Neil Williams <[email protected]>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 775375
Changes:
python-django (1.7.1-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2015-0219 - WSGI header spoofing via underscore/dash
conflation
* Fix CVE-2015-0220 - Mitigated possible XSS attack via
user-supplied redirect URLs.
* Fix CVE-2015-0221 - Denial-of-service attack against
django.views.static.serve
* Fix CVE-2015-0222 - Database denial-of-service with
ModelMultipleChoiceField
(Closes: #775375)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---