Your message dated Thu, 09 Aug 2018 05:35:27 +0000
with message-id <[email protected]>
and subject line Bug#905216: fixed in python-django 1:1.10.7-2+deb9u2
has caused the Debian Bug report #905216,
regarding python-django: CVE-2018-14574: Open redirect possibility in
CommonMiddleware
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
905216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1:1.11.14-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for python-django.
CVE-2018-14574[0]:
Open redirect possibility in CommonMiddleware
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
[1] https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1:1.10.7-2+deb9u2
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 03 Aug 2018 15:11:16 +0800
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1:1.10.7-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 874415 905216
Changes:
 python-django (1:1.10.7-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2018-14574: Fix an open redirect possibility in CommonMiddleware.
     If the django.middleware.common.CommonMiddleware and the APPEND_SLASH
     setting were both enabled, and if the project has a URL pattern that
     accepted any path ending in a slash then a request to a maliciously crafted
     URL of that site could lead to a redirect to another site, enabling
     phishing and other attacks. (Closes: #905216)
   * CVE-2017-12794: Fix a cross-site scripting attack in the technical HTTP 500
     page. This vulnerability did not affect production sites as they typically
     do not run with "DEBUG = True". (Closes: #874415)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
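The three preconditions the CVE-2018-14574 changelog entry names (CommonMiddleware enabled, APPEND_SLASH enabled, a URL pattern accepting any path ending in a slash) can be checked against a project's configuration. The following is an added example, not code from Django, the Debian package or this bug report; the function names, probe paths and sample patterns are constructed, and the probe-based catch-all test is a heuristic assumption.

```python
import re

COMMON_MIDDLEWARE = "django.middleware.common.CommonMiddleware"

# Constructed probe paths, written without a leading slash because that is
# how Django's regex URL resolver sees a request path. They have nothing in
# common except the trailing slash, so a pattern matching all of them is
# treated here as "accepts any path ending in a slash" (heuristic).
PROBES = ("a/", "x9/y.z/", "some.host/deep/er/", "q-1_2/~t/")


def accepts_any_slash_path(pattern):
    """Return True if the URL regex matches every probe path."""
    rx = re.compile(pattern)
    return all(rx.search(probe) for probe in PROBES)


def audit(middleware, url_patterns, append_slash=True):
    """Report which changelog preconditions a configuration meets.

    middleware   -- list of dotted middleware paths from settings
    url_patterns -- list of URL regex strings from the URLconf
    append_slash -- APPEND_SLASH value (Django's default is True)
    """
    has_common = COMMON_MIDDLEWARE in middleware
    catch_all = [p for p in url_patterns if accepts_any_slash_path(p)]
    return {
        "common_middleware": has_common,
        "append_slash": bool(append_slash),
        "catch_all_patterns": catch_all,
        "preconditions_met": has_common and bool(append_slash) and bool(catch_all),
    }


# Constructed sample configuration: one catch-all page view, one narrow view.
SAMPLE_MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    COMMON_MIDDLEWARE,
]
SAMPLE_PATTERNS = [
    r"^articles/(?P<slug>[\w-]+)/$",
    r"^(?P<path>.*)/$",
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MIDDLEWARE, SAMPLE_PATTERNS).items():
        print(key, "=", value)
```

A configuration that meets all three preconditions is only a concern on a python-django older than the fixed 1:1.10.7-2+deb9u2 upload; the audit does not inspect the installed version.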