On Mon, Sep 02, 2019 at 10:36:58PM +0200, Salvatore Bonaccorso wrote: > Hi Chris, > > On Mon, Sep 02, 2019 at 02:07:55PM +0100, Chris Lamb wrote: > > Chris Lamb wrote: > > > > > > > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high > > > > > > > > Thanks, these both look good; please upload to security-master. > > > > > > Both uploaded to security-master. > > > > There is now a 1.11.24 (ie. 1:1.11.24-1~deb10u1) upstream: > > > > https://docs.djangoproject.com/en/2.2/releases/1.11.24/ > > > > Shall I go ahead and upload or was .23 already accepted? > > Looking at the above change, following the upstream ticket at > https://code.djangoproject.com/ticket/30672 this does not look like > this is neither a real new regression nor a very exposed > functionality (the upstream issue speaks of a undocumented and > untested usage). > > Thus (if this is true), this does not really warrant another upload, > but rather will automatically be fixed in a subsequent (and likely > arising) update anyway.
Agreed, I'm pretty sure this wasn't the last Django DSA ever :-) Cheers, Moritz