Yep, planning on tackling this evening. (PDT) Per discussion with Security Team a DSA isn't warranted for this issue.
On Tue, 4 Jun 2019 at 10:11, Chris Lamb <la...@debian.org> wrote: > [Adding lfara...@debian.org to CC] > > Salvatore Bonaccorso wrote > > > CVE-2019-12308[0]: > > AdminURLFieldWidget XSS > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2019-12308 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308 > > [1] https://www.djangoproject.com/weblog/2019/jun/03/security-releases/ > > Luke, do you still plan to take this as discussed during the embargo? I > might have some bandwidth the next day or so if not, but let me know. > > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org 🍥 chris-lamb.co.uk > `- > -- Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs; MIT SIPB lfaraone on irc.[freenode,oftc].net -- https://luke.wf/ohhello PGP fprint: 8C82 3DED 10AA 8041 639E 1210 5ACE 8D6E 0C14 A470
