Your message dated Fri, 28 Apr 2017 10:32:39 +0000
with message-id <[email protected]>
and subject line Bug#842856: fixed in python-django 1.7.11-1+deb8u2
has caused the Debian Bug report #842856,
regarding python-django: CVE-2016-9013 CVE-2016-9014
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
842856: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842856
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1.7.7-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for python-django.
CVE-2016-9013[0]:
User with hardcoded password created when running tests on Oracle
CVE-2016-9014[1]:
DNS rebinding vulnerability when DEBUG=True
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9013
[1] https://security-tracker.debian.org/tracker/CVE-2016-9014
[2] https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1.7.11-1+deb8u2
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luke W Faraone <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 23 Apr 2017 20:52:55 +0000
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1.7.11-1+deb8u2
Distribution: stable
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Luke W Faraone <[email protected]>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 842856 859515 859516
Changes:
 python-django (1.7.11-1+deb8u2) jessie-security; urgency=high
 .
   * SECURITY UPDATE:
     - CVE-2016-9013: User with hardcoded password created when running tests on
       Oracle
     - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True
       (Closes: #842856)
     - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied
       numeric redirect URLs (Closes: #859515)
     - CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()
       (Closes: #859516)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---