Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1e179266 by Chris Lamb at 2022-11-03T12:01:34+00:00 dla-needed.txt: (Re-)claim python-django - - - - - 1 changed file: - data/dla-needed.txt Changes: ===================================== data/dla-needed.txt ===================================== @@ -200,10 +200,15 @@ protobuf NOTE: 20221031: Programming language: Several. NOTE: 20221031: Note the 'Note' that one of the CVEs affects the generated code and must therefore get special attention from the application developer using protobuf. -- -python-django +python-django (Chris Lamb) + NOTE: 20220911: Some issue was fixed in stretch so it should also be fixed for buster. + NOTE: 20221018: There are 4 CVEs on the debian/buster branch that are seemingly unreleased: CVE-2020-24583, CVE-2020-24584, CVE-2021-3281 and CVE-2021-23336. (lamby) + NOTE: 20221018: This leaves 8 CVEs that need fixing, either simply because the code is vulnerable or the issue has already been fixed in stretch: CVE-2022-34265, CVE-2022-28346, CVE-2022-23833, CVE-2022-22818, CVE-2021-33571, CVE-2021-33203, CVE-2021-31542 & CVE-2021-28658 (lamby) + NOTE: 20221027: To clarify, only the first CVE mentioned in the previous comment (CVE-2022-34265) is vulnerable and not fixed in stretch, and the other seven have already been fixed in stretch. I plan to fix these remaining 1 CVE and release (with 5 total CVEs) instead of trying to co-ordinate a release with 12 (!) new patches. I can address them later. (lamby) NOTE: 20221031: Programming language: Python. NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/python-django.git NOTE: 20221031: Special attention: Chris Lamb is the maintainer. + NOTE: 20221103: Re-added pre-20221031 comments from Git and reclaimed; will upload at least CVE-2022-28346 soon. (lamby) -- python-scciclient (Dominik George) NOTE: 20221009: Programming language: Python. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e1792663d30a475b6f1da7689fee40e762c054e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e1792663d30a475b6f1da7689fee40e762c054e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
