Your message dated Wed, 01 Aug 2018 15:20:18 +0000
with message-id <[email protected]>
and subject line Bug#905216: fixed in python-django 1:1.11.15-1
has caused the Debian Bug report #905216,
regarding python-django: CVE-2018-14574: Open redirect possibility in
CommonMiddleware
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
905216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1:1.11.14-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for python-django.
CVE-2018-14574[0]:
Open redirect possibility in CommonMiddleware
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
[1] https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1:1.11.15-1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Aug 2018 23:06:03 +0800
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 905216
Changes:
python-django (1:1.11.15-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-14574: Open redirect possibility in CommonMiddleware.
(Closes: #905216)
Checksums-Sha1:
3e7fc3f16eded38074dee6a0504fa6bddf121bc2 3160 python-django_1.11.15-1.dsc
dfcb521471a5364bebe5fe1c40ad01cdd48e23bf 7843843
python-django_1.11.15.orig.tar.gz
08b54b11b4ef30ac8790e22f85a1bcb049f00145 24728
python-django_1.11.15-1.debian.tar.xz
21226e02857fd9240c8163af894646529c8c294d 1535560
python-django-common_1.11.15-1_all.deb
4f1d2491e856c12a7c6a7aca97c5bd9b90d0f7b0 2631292
python-django-doc_1.11.15-1_all.deb
e1006cc04aa07cf9bf46381388b8d09d9b14f442 914668 python-django_1.11.15-1_all.deb
cb17bbe7c4847e449989fe6b5f1566c3008755f2 8547
python-django_1.11.15-1_amd64.buildinfo
7e873ad8729065dd974ae8968e892e5d24fba3b9 914500
python3-django_1.11.15-1_all.deb
Checksums-Sha256:
d42290e5f7c7e5d9f93324f283ba2e75244e4262370ebbdb2993600a3b7dc25b 3160
python-django_1.11.15-1.dsc
b18235d82426f09733d2de9910cee975cf52ff05e5f836681eb957d105a05a40 7843843
python-django_1.11.15.orig.tar.gz
b0a124a33f3f7f1f0111de11275d904bb43276bcd661b08e028b9e3ff4646abd 24728
python-django_1.11.15-1.debian.tar.xz
a0e459b1dc999524d44020b0cf6a3936fbe09d2f802c1c8f837b16db919e2bc8 1535560
python-django-common_1.11.15-1_all.deb
d39cce50af9e8e4e682371b64be6d2098a9907e3aa2d29c5ef38907ce90f45ee 2631292
python-django-doc_1.11.15-1_all.deb
b6d1c637b90c08b47e7412fcbad43c9b51d22e81c5a9a74ea72cceed91f00839 914668
python-django_1.11.15-1_all.deb
b3aed0aa81d36339d4650b3048a64a8a9fcd12675ec96b4822b9de478e391b05 8547
python-django_1.11.15-1_amd64.buildinfo
0c22b8497d7d83e165efcea72f24ceaf669c3ed026cac8d934d8e3128a3e813e 914500
python3-django_1.11.15-1_all.deb
Files:
2db29c052b2adf49664e1c44f4e54297 3160 python optional
python-django_1.11.15-1.dsc
9c25bc2575a2cd357bcc5764f809d29d 7843843 python optional
python-django_1.11.15.orig.tar.gz
ef6abf6ea08be6ab00fd816139d37da3 24728 python optional
python-django_1.11.15-1.debian.tar.xz
d9b09c8cc0925e7f0aeb4a6d64259e53 1535560 python optional
python-django-common_1.11.15-1_all.deb
9738bd672d2d9dc6aae3f66f603a5dc4 2631292 doc optional
python-django-doc_1.11.15-1_all.deb
2bf0562ab3ad52b567fb8a1f09f8623a 914668 python optional
python-django_1.11.15-1_all.deb
ad08153822fb4bcb8f383364169e725a 8547 python optional
python-django_1.11.15-1_amd64.buildinfo
8874c507de7b1c0c457a89db6f2202de 914500 python optional
python3-django_1.11.15-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlthzaQACgkQHpU+J9Qx
HljY3Q/+IFouCmclQC4RIqKAoCvmGq0DNnRHNWs2Ti7ZJhueReiXdtXbSQJ59DoO
hs5z9RHSY8Q7UR69AMR3TkAvVWv3w0oa36W/5SJqoyM8wCjMt7wSxIDqXaSmUQfF
FP7BUARUFLel1BZn6chE/k4JrwXxO8H516XUjrlC4ydUhWdt6bRo7Az4g9KorWjM
9bBZY70cGpGAlo2n20Kf03l/JhABLDiorluAWUp9vN7MylxM9/5eWQG58G2csmNL
0slUWlqPsvN2TVcJIukw+GUmqsh7M0BgUxa4glOnH/B6k0PuKbKSZXlmsewpcUEi
iyPtnSh8U4UqXBitYCWnnNqYKz0RgcoLlvknfnJXy578EEtBuozVT1OKBUJl1i0R
Xg9e/xMgOp9AU7S5Iai+6Znwbr7NqsvFCws+NZ0aFNMG+o5QOHnPwryoavjiFrvz
L5aEKMJG8uJU6dos/2oMg72d5swCXSv5yOQ1EBabQ/Bc6VRFZqHpHFm+gDj76tjM
WBCcqi5kaPV3l4xPffsPuF5WINOnFWUgNNNwjTObFzhMPcvlsP2uAo4e+1c+ovOF
RDvgUAGRES3fM1A/+xW3T4viPiI0/+d6uKvp4TRL08jcsjTmMoFsQT8d+5aaR3WH
a05Hai93ZSqJaVxoE+MnFiG1PUqEx9KsjWjVWEbPuDNakib16Xo=
=Oq32
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
