Your message dated Wed, 04 Mar 2020 16:40:53 +0000
with message-id <[email protected]>
and subject line Bug#953102: fixed in python-django 2:3.0.4-1
has caused the Debian Bug report #953102,
regarding python-django: CVE-2020-9402
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
953102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953102
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 2:2.2.10-1
Severity: important
Tags: security upstream
Control: found -1 2:3.0.2-1
Control: found -1 1:1.11.28-1~deb10u1
Control: found -1 1:1.11.27-1~deb10u1
Control: found -1 1:1.10.7-2+deb9u8
Control: found -1 1:1.10.7-2+deb9u7
Control: found -1 1:1.10.7-1
Hi,
The following vulnerability was published for python-django.
CVE-2020-9402[0]:
| Potential SQL injection via tolerance
| parameter in GIS functions and aggregates on Oracle
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-9402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9402
[1] https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 2:3.0.4-1
Done: Chris Lamb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Mar 2020 08:22:30 -0800
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:3.0.4-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 953102
Changes:
python-django (2:3.0.4-1) experimental; urgency=medium
.
* New upstream security release. (Closes: #953102)
<https://www.djangoproject.com/weblog/2020/mar/04/security-releases/>
* Bump Standards-Version to 4.5.0.
* Refresh
debian/patches/0004-Use-locally-installed-documentation-sources.patch.
Checksums-Sha1:
9f5b8a88bcec036104fbdb1da12cff2992305621 2798 python-django_3.0.4-1.dsc
97030f70e8f385c2f1cea031fb1e17a32e93f9cf 9060331
python-django_3.0.4.orig.tar.gz
bbadbf22e6599db642ab89614cdfd276dc4efed2 25884
python-django_3.0.4-1.debian.tar.xz
9953ef7070ebbdd18e16c70ccc088467a16d286f 7576
python-django_3.0.4-1_amd64.buildinfo
Checksums-Sha256:
dba1498cbb916167ee3ee455ec492323a0b4598ddb033c2cbd3858dd2b80781c 2798
python-django_3.0.4-1.dsc
50b781f6cbeb98f673aa76ed8e572a019a45e52bdd4ad09001072dfd91ab07c8 9060331
python-django_3.0.4.orig.tar.gz
d87c582648cfce828f74f9d3baee64d8e029af2cf6d7efcf925312d1e78ceba1 25884
python-django_3.0.4-1.debian.tar.xz
003157fb860fc2f6a33d9d87e052fe966655c16910b86617ec0204d34dc1205c 7576
python-django_3.0.4-1_amd64.buildinfo
Files:
9d6b336ec844c606c6e9854aa69288eb 2798 python optional python-django_3.0.4-1.dsc
0b0299419770eaff86ff3a4af519cd6a 9060331 python optional
python-django_3.0.4.orig.tar.gz
d639a30a5f580f19fda98b75d59e8901 25884 python optional
python-django_3.0.4-1.debian.tar.xz
1c14f52dfc07d96a9e2635b4b1f74e68 7576 python optional
python-django_3.0.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl5f1m8ACgkQHpU+J9Qx
HlgmiQ/9HJ0Py4sMRf4WujZFG9hxo5QVru6UXLV6P+KJ0ic0wuLOW2Wgr5+W3Ifq
p8DKuVwfS3rJrLeJHQ6cTrZ5lm1sKp5mqWEVyQAfi/PBDNL+/FUqLZt3csBe8pfv
S0Bjv9Hyps1H+sd61EytXaMjowm4p+zuR88YLKW6AE4PuY4cBGRWU0ykKmI2zHZa
awZ5LcjBsWGyrdVGJomvbzer/1HTtC15OcJms8igTNgmJcgGi9SMyhL2hqFM3vBm
7WBvJ34x+X19RdPDNK3LVq5U9iaGOq3BoOo2hHC8tcXw1cZilO6wMFc8rMconQvs
HcB/1hsbGm49an2Vyk5O79jMNAs39LJk9jQxkCkvdoQcDZztfMphcAHi1Pxk3yMm
iiGxKJ6XFRiZEr1VjiEB3ukBp4GQ4Nmh+Q9BKjj8l5irTs/dk2FqMZI70I3BuUuF
TpsRRwGAgwp+SZfzvOvbK51TOmfrJMvDxUl54rkTvm3nxcKfWWBDbr7IXvCZajZu
vJHuC7wpLsRLh5dJC2dWhK0TRjKii+nnrPeGCe4xH+O9oW0wAAMItzerpCWiMiWp
UKQVzbCh3317vQEKAqK894wt3Lt5NzXQf64msmKMO/wkO/9uaFUd2SwXjcHCmk0P
KZWFIU95dp8vTBRSY5J49Y5KVRf1POR+BW2ZQNea1SkxkWtHqXY=
=g7Cx
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
