Your message dated Mon, 04 Sep 2023 18:07:22 +0000
with message-id <e1qddys-007m1q...@fasolo.debian.org>
and subject line Bug#1051226: fixed in python-django 3:4.2.5-1
has caused the Debian Bug report #1051226,
regarding python-django: CVE-2023-41164
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1051226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 1:1.11.29-1+deb10u9
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django.

CVE-2023-41164[0]:

  Potential denial of service vulnerability in
  django.utils.encoding.uri_to_iri(); this was subject to potential
  denial of service attack via certain inputs with a very large number
  of Unicode characters.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-41164
    https://www.cve.org/CVERecord?id=CVE-2023-41164


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 3:4.2.5-1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 04 Sep 2023 10:41:05 -0700
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 3:4.2.5-1
Distribution: experimental
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 1051226
Changes:
 python-django (3:4.2.5-1) experimental; urgency=high
 .
   * New upstream security release:
 .
     - CVE-2023-41164: Potential denial of service vulnerability in
       django.utils.encoding.uri_to_iri(). This method was subject to potential
       denial of service attack via certain inputs with a very large number of
       Unicode characters. (Closes: #1051226)
 .
     <https://www.djangoproject.com/weblog/2023/sep/04/security-releases/>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
