Your message dated Mon, 04 Sep 2023 18:24:12 +0000 with message-id <e1qdefa-007skk...@fasolo.debian.org> and subject line Bug#1051226: fixed in python-django 3:3.2.21-1 has caused the Debian Bug report #1051226, regarding python-django: CVE-2023-41164 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1051226: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051226 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.11.29-1+deb10u9 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2023-41164[0]: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri(); this was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-41164 https://www.cve.org/CVERecord?id=CVE-2023-41164 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 3:3.2.21-1 Done: Chris Lamb <la...@debian.org> We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1051...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 04 Sep 2023 11:02:53 -0700 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 3:3.2.21-1 Distribution: unstable Urgency: high Maintainer: Debian Python Team <team+pyt...@tracker.debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 1051226 Changes: python-django (3:3.2.21-1) unstable; urgency=high . * New upstream security release: . - CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri(). This method was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. (Closes: #1051226) . <https://www.djangoproject.com/weblog/2023/sep/04/security-releases/> . * Refresh patches. Checksums-Sha1: a2bc24a5f42f4b72c50a06cd7655f96f39dc9ca1 2807 python-django_3.2.21-1.dsc 3b5106ad5bba06c2a79e50a22e1524f5f272522a 9836824 python-django_3.2.21.orig.tar.gz 53a2649481755d92c3d5c08e8829e9088e8cffac 39004 python-django_3.2.21-1.debian.tar.xz 915518c901d0876977e9c0edb4692872b7973fd8 8026 python-django_3.2.21-1_amd64.buildinfo Checksums-Sha256: 5eee722e0e7199ba8dca4693af8d407b8f03598bf8cb5640aa1a55326c0add51 2807 python-django_3.2.21-1.dsc a5de4c484e7b7418e6d3e52a5b8794f0e6b9f9e4ce3c037018cf1c489fa87f3c 9836824 python-django_3.2.21.orig.tar.gz 2f6891c4f1794e596bdb23460c278a634426b71ad83bc6e0957b52a5d377d813 39004 python-django_3.2.21-1.debian.tar.xz 4f8cfbd5b7c16bd37f1cf6e0fa1e3d34d80d91e339820d2066a5849edf40320e 8026 python-django_3.2.21-1_amd64.buildinfo Files: a6fd9381522738922ee064d6f371d8ce 2807 python optional python-django_3.2.21-1.dsc 38c4eba2d11374a9c1dd73300df7771d 9836824 python optional python-django_3.2.21.orig.tar.gz 228f6791c4842c56447b701f33b37833 39004 python optional python-django_3.2.21-1.debian.tar.xz c4013e39acea3e521dfee71275378348 8026 python optional python-django_3.2.21-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmT2HOIACgkQHpU+J9Qx HlgXLw//btF3bQ2VCdjRzE9TrEwmSLENoMcAVVNki41Yqt86kt1J4uenvmXpUni/ 2T+V2E4nqXw0nFzqTbAPPBoJPeMjiwO0oLTGqtm8KC+8w/tJsE+J8+QjZ9HNSbTU yi+4uEOBiPLsX5WwNfrAF+/j5D20QLbvnZZd1UfjrGtyVrzy+xMMEtO7HziYy9Pl vFjhdSDf0vm/bNcf7f0av5XC+405nrwzhPL4dTj+CmMKKK4CGxJg8BxDIsYkae+V 6A6tD6ZrXybnmgy4+ip15d8ISfQxbV5a8H6uWl8tjKfQzXHEr5wafDN8V1tjMyxw Fn9GP9P6kOn5DVf0TGqvNBb1GTy/beuo01Ck2veB16WCth2BzGiAb8hbdEIhtZXI 32HLs7GiUa4IjqBgIIvGVXurVYcnsgbi08bKTvO3dJQmz66/EusOoP4oNmJM4HFL ztxoWXAchgrb9iWiwv/xN0IggqGUzkn2GdH0EK5EldIE0bFxwUBCvDRSWdsXGh8N fc9lZIn4sUGCyRt0K8vlLyF7I9OXS5C2UU+4vPy6uaDXPtvFS6eM4lia7TlG/dnV Apz0aKvdhGqLfUv3fyWSUgNDFl7bksmWHFtjO0D1CusK1Qx1wekAZwNosnQurrVu efqIbcAAHAtBkRMgsayPt17+bgsGNHplqLYD97tyg1zXIw+ZFFQ= =Vuv3 -----END PGP SIGNATURE-----
--- End Message ---
