Your message dated Wed, 04 Mar 2020 16:20:55 +0000
with message-id <[email protected]>
and subject line Bug#953102: fixed in python-django 2:2.2.11-1
has caused the Debian Bug report #953102,
regarding python-django: CVE-2020-9402
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
953102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 2:2.2.10-1
Severity: important
Tags: security upstream
Control: found -1 2:3.0.2-1
Control: found -1 1:1.11.28-1~deb10u1
Control: found -1 1:1.11.27-1~deb10u1
Control: found -1 1:1.10.7-2+deb9u8
Control: found -1 1:1.10.7-2+deb9u7
Control: found -1 1:1.10.7-1
Hi,
The following vulnerability was published for python-django.
CVE-2020-9402[0]:
| Potential SQL injection via tolerance
| parameter in GIS functions and aggregates on Oracle
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-9402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
[1] https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 2:2.2.11-1
Done: Chris Lamb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Mar 2020 08:01:27 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:2.2.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 953102
Changes:
python-django (2:2.2.11-1) unstable; urgency=medium
.
* New upstream security release. (Closes: #953102)
<https://www.djangoproject.com/weblog/2020/mar/04/security-releases/>
Checksums-Sha1:
21702eef4bb4eb9697cbb399f33a063128a2e51f 2798 python-django_2.2.11-1.dsc
fcb4c862f6f769465dc1d2bbb71e7a733db8e134 9010479
python-django_2.2.11.orig.tar.gz
b8db3a8ece58a0fea0711e8dd7b0edac3b3b07d4 25964
python-django_2.2.11-1.debian.tar.xz
8a07ab0e1ba8d5da1b570fc2eced78ee65300a77 7642
python-django_2.2.11-1_amd64.buildinfo
Checksums-Sha256:
cfbb26bf69a69c254e752858aae4ca61f4763f1115d2cca089a35d663ff57cf2 2798
python-django_2.2.11-1.dsc
65e2387e6bde531d3bb803244a2b74e0253550a9612c64a60c8c5be267b30f50 9010479
python-django_2.2.11.orig.tar.gz
d5a01d20026fe88096236d0703599a49b80bd1c64e13ec17e5a409e4f51aab3b 25964
python-django_2.2.11-1.debian.tar.xz
b88f526c782b39c0e3fc1467c6c1d0de83423b49f0d89a8681a7b95e137040b0 7642
python-django_2.2.11-1_amd64.buildinfo
Files:
2f9fa76ff9e5b373c09e7bc6868e4512 2798 python optional
python-django_2.2.11-1.dsc
3d8cc4ec1329c742d848c418932e488a 9010479 python optional
python-django_2.2.11.orig.tar.gz
b15f8de05ead846293570c8c44d40b99 25964 python optional
python-django_2.2.11-1.debian.tar.xz
5cbb6ed644c7689af89fcb35c4e2b877 7642 python optional
python-django_2.2.11-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5f0pcACgkQHpU+J9Qx
HliAvA//fmliQy1Lqf03+LF2WJU/nOireceWXZ9A+AwHnZ0xWnCWd0j5AvP3+Vbq
xzn99sD5UARx6jD9MhVIUIlG8mJViKBsaXdZ8h2G7Jauddxs/W+KZTUI/A7bst5P
S97r5MhMJCENeFn9tdXdbQDiaoCOr71NseTRiHVk2tXaLVJ6VfdjySKFGykhxHZG
oDa++NeVbtUUR2DNjuBSfB7B0RU4AZgeHNYWX5Um35z0ahJHRWZl5Jwmv2eOqPL1
sc1NFOrNEYMB0ZBIuXdRpeX0hXFci1Lng6ymC9CwOaJObH0WOavubVBqE/1EVnAP
miWcmVi6QiKoln57ckCGCvKGk5KKpyvHiLmlSheGraFkx9Ki1ZP2L9vZKW4QziC9
AzGywluKQq9MFDTMT/ywC9CMOZvT1NCn96fYy6hD4LLxTKh8LaKtWdgAVbnJHlzz
1NYa0a+snnELMcZ9OP+buxcuVHl0LLU6yTx93o0yOq8UrKksXOUclTJygetnUdVT
1/uzuXu2QpuFzkh6UEhzopPvt1EkJKESOep7IVEBf3n2OUPK3KWpJh/vyYnO306b
4Bbb6wZGSAgL+NSx+n6/X9CyB4PXKRNLmNRba8vBSnBpuWcqIsbM6aI6BWgniYUc
3IqNoDurE7qotmnS41Nhp9SrglDhNARkn64oKyKxX2HSCx719cs=
=//FD
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
