Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-09-03 Thread Moritz Mühlenhoff
On Mon, Sep 02, 2019 at 10:36:58PM +0200, Salvatore Bonaccorso wrote:
> Hi Chris,
>
> On Mon, Sep 02, 2019 at 02:07:55PM +0100, Chris Lamb wrote:
> > Chris Lamb wrote:
> >
> > > > > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high
> > > >
> > > > Thanks, these both look good;

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-09-02 Thread Salvatore Bonaccorso
Hi Chris,

On Mon, Sep 02, 2019 at 02:07:55PM +0100, Chris Lamb wrote:
> Chris Lamb wrote:
>
> > > > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high
> > >
> > > Thanks, these both look good; please upload to security-master.
> >
> > Both uploaded to security-master.
>
>

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-09-02 Thread Chris Lamb
Chris Lamb wrote:

> > > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high
> >
> > Thanks, these both look good; please upload to security-master.
>
> Both uploaded to security-master.

There is now a 1.11.24 (i.e. 1:1.11.24-1~deb10u1) upstream:

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-10 Thread Chris Lamb
Hi Sébastien,

> > +python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high
> > [...]
> > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high
>
> Thanks, these both look good; please upload to security-master.

Both uploaded to security-master.

Regards,

-- ,''`.

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-10 Thread Sébastien Delafond
On 08/08 11:02, Chris Lamb wrote:
> +python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high
> [...]
> +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high

Thanks, these both look good; please upload to security-master.

Cheers,

-- Seb

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-09 Thread Chris Lamb
Hi Salvatore,

> Although I'm late for the game ;-). You can use both
> 1:1.11.23-1~deb10u1 or 1:1.11.23-0+deb10u1. It is a matter of what you
> want to express.
>
> 1:1.11.23-1~deb10u1 ... is mainly a rebuild of 1:1.11.23-1 with
> maybe some additional changes. Examples for this one are e.g.

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Salvatore Bonaccorso
Hi,

On Thu, Aug 08, 2019 at 02:16:29PM +0100, Chris Lamb wrote:
> Hi Moritz,
>
> > > > > Security team (added to CC), would you be interested in uploads for
> > > > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > > > 1:1.10.7-2+deb9u5)?
> […]
> > I just realised that

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Chris Lamb
Hi Moritz et al.,

> > > > > > Security team (added to CC), would you be interested in uploads for
> > > > > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > > > > 1:1.10.7-2+deb9u5)?
> > […]
> > > I just realised that there's a 1.11.23 (thanks Salvatore!), given that
> > >

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Moritz Muehlenhoff
On Thu, Aug 08, 2019 at 02:16:29PM +0100, Chris Lamb wrote:
> Hi Moritz,
>
> > > > > Security team (added to CC), would you be interested in uploads for
> > > > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > > > 1:1.10.7-2+deb9u5)?
> […]
> > I just realised that there's a

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Chris Lamb
Hi Moritz,

> > > > I mention it specifically as I'm not 100% confident this is correct
> > > > and Lintian somewhat-correctly complained about a "missing" version
> > > > (to wit, 1:1.11.22-1 it's technically missing).
[…]
> Got it. From my PoV Lintian should probably just waive that check
>

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Chris Lamb
Hi Moritz,

> > > > Security team (added to CC), would you be interested in uploads for
> > > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > > 1:1.10.7-2+deb9u5)?
[…]
> I just realised that there's a 1.11.23 (thanks Salvatore!), given that
> we agreed to follow 1.11.x in

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Moritz Muehlenhoff
On Thu, Aug 08, 2019 at 11:02:48AM +0100, Chris Lamb wrote:
> Hi Sébastien,
>
> > > Security team (added to CC), would you be interested in uploads for
> > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > 1:1.10.7-2+deb9u5)?
> […]
> > yes, thank you. Can you email us debdiffs

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Moritz Muehlenhoff
On Thu, Aug 08, 2019 at 11:22:37AM +0100, Chris Lamb wrote:
> Moritz Muehlenhoff wrote:
>
> > > I mention it specifically as I'm not 100% confident this is correct
> > > and Lintian somewhat-correctly complained about a "missing" version
> > > (to wit, 1:1.11.22-1 it's technically missing).
> > >

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Chris Lamb
Moritz Muehlenhoff wrote:

> > I mention it specifically as I'm not 100% confident this is correct
> > and Lintian somewhat-correctly complained about a "missing" version
> > (to wit, 1:1.11.22-1 it's technically missing).
>
> Where does Lintian parse the data about existing releases? How does it

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Moritz Muehlenhoff
On Thu, Aug 08, 2019 at 11:02:48AM +0100, Chris Lamb wrote:
> Hi Sébastien,
>
> > > Security team (added to CC), would you be interested in uploads for
> > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > 1:1.10.7-2+deb9u5)?
> […]
> > yes, thank you. Can you email us debdiffs

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-08 Thread Chris Lamb
Hi Sébastien,

> > Security team (added to CC), would you be interested in uploads for
> > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > 1:1.10.7-2+deb9u5)?
[…]
> yes, thank you. Can you email us debdiffs? I'll then take care of the
> review and DSAs.

I've attached these and

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-07 Thread Sébastien Delafond
On 06/08 10:20, Chris Lamb wrote:
> Security team (added to CC), would you be interested in uploads for
> buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> 1:1.10.7-2+deb9u5)?

Hi Chris,

yes, thank you. Can you email us debdiffs? I'll then take care of the review and DSAs.

Cheers,

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-06 Thread Chris Lamb
[Adding t...@security.debian.org to CC]

Chris Lamb wrote:

> The following vulnerabilities were published for python-django.
>
> CVE-2019-14232[0]:
> CVE-2019-14233[1]:
> CVE-2019-14234[2]:
> CVE-2019-14235[3]:

I have just fixed this in sid and will fix this in jessie LTS shortly.

Security

Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

2019-08-06 Thread Chris Lamb
Package: python-django
Version: 1.7.11-1+deb8u6
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for python-django.

CVE-2019-14232[0]:
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before
| 2.1.11, and