Your message dated Sat, 21 Jul 2018 11:11:20 +0200
with message-id <[email protected]>
and subject line Re: Bug#904138: python-django: Update python-django backports
has caused the Debian Bug report #904138,
regarding python-django: Update python-django backports
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
904138: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904138
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Severity: normal

Dear Maintainer,

The python-django Debian package - stable-sec - is CVE-2017-12794 
vulnerable. Probably because stable-bpo offers 1:1.11.10-1.

But version 1:1.11.11-1 also has a security fix - CVE-2018-7536. And
version 1:1.11.14-1 is on testing since 2018-07-05. Fifteen days.

Can version 1:1.11.14-1 be part of backports? I volunteer if necessary.



Regards,
Herbert


-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Hi,

On Fri, 20 Jul 2018, Herbert Parentes Fortes Neto wrote:
> Dear Maintainer,
> 
> The python-django Debian package - stable-sec - is CVE-2017-12794 
> vulnerable.

It's just that the CVE has been marked as not urgent. It only affects
sites running DEBUG=True which none should do in production.

> But version 1:1.11.11-1 also has a security fix - CVE-2018-7536. And
> version 1:1.11.14-1 is on testing since 2018-07-05. Fifteen days.
> 
> Can version 1:1.11.14-1 be part of backports? I volunteer if necessary.

Thanks for the nudge, the backport has been updated by Chris Lamb.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
