Your message dated Mon, 07 Mar 2016 19:02:17 +0000
with message-id <[email protected]>
and subject line Bug#816434: fixed in python-django 1.9.4-1
has caused the Debian Bug report #816434,
regarding CVE-2016-2512 and CVE-2016-2513
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
816434: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816434
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1.9.2-1
Severity: important
Tags: security

Today Django published an advisory for 1.9.3 and 1.8.10.

I am investigating whether stable is affected; it is likely. 

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

CVE-2016-2512
> Malicious redirect and possible XSS attack via user-supplied redirect URLs
> containing basic auth

CVE-2016-2513
> User enumeration through timing difference on password hasher work factor
> upgrade

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1.9.4-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luke Faraone <[email protected]> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 07 Mar 2016 17:09:54 +0000
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1.9.4-1
Distribution: unstable
Urgency: high
Maintainer: Luke Faraone <[email protected]>
Changed-By: Luke Faraone <[email protected]>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 816434
Changes:
 python-django (1.9.4-1) unstable; urgency=high
 .
   [ Luke Faraone ]
   * New upstream security release:
     https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
     - CVE-2016-2512: Malicious redirect and possible XSS via user-supplied
       redirect URLs containing basic auth
     - CVE-2016-2513: User enumeration through timing difference on password
       hasher work factor upgrade
       Closes: #816434
 .
   [ Raphaël Hertzog ]
   * Fix rules file to no longer mess with *_templates directories. They no
     longer contain invalid .py files but only *-tpl template files that are
     instantiated at runtime.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
