Your message dated Wed, 08 Jan 2020 21:47:38 +0000 with message-id <e1ipjaw-000ggl...@fasolo.debian.org> and subject line Bug#946937: fixed in python-django 1:1.10.7-2+deb9u7 has caused the Debian Bug report #946937, regarding python-django: CVE-2019-19844: Potential account hijack via password reset form to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 946937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.10.7-2+deb9u6 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2019-19844[0][1]: Potential account hijack via password reset form If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-19844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844 [1] https://www.djangoproject.com/weblog/2019/dec/18/security-releases/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 1:1.10.7-2+deb9u7 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 946...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 06 Jan 2020 17:52:10 +0000 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 946937 Changes: python-django (1:1.10.7-2+deb9u7) stretch-security; urgency=high . * CVE-2019-19844: Prevent a potential account hijack via the password reset form. (Closes: #946937) Checksums-Sha1: 5d7572b2d103d2e38351251a55203a354d9ebbf4 2804 python-django_1.10.7-2+deb9u7.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz ec405d3ab180b33cf78449eb12af94dca4b80ddc 44024 python-django_1.10.7-2+deb9u7.debian.tar.xz c4c293e6b8261d1857fa13353a0f4cf46109321f 1515080 python-django-common_1.10.7-2+deb9u7_all.deb 8b9ddfc21fb812d75e5961f028ca5b007b0a20c1 2536484 python-django-doc_1.10.7-2+deb9u7_all.deb a7e7294eee602d7bf87cc41c78ca585d0e49f5d1 905080 python-django_1.10.7-2+deb9u7_all.deb a70974a395b89996c1b1e1d42ba5a8a7e4c0641d 9386 python-django_1.10.7-2+deb9u7_amd64.buildinfo 8e78dc8699f240af25e93c43257e276c825aaec4 886618 python3-django_1.10.7-2+deb9u7_all.deb Checksums-Sha256: 0b0bb55549574e2a65ffa79669757f4eb409dea8a124a759c3b7e331dac4214a 2804 python-django_1.10.7-2+deb9u7.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz 9325cadba0cb6b8f318a95e482deb71a271d87df1643fc7bea30fc571107c62c 44024 python-django_1.10.7-2+deb9u7.debian.tar.xz 0a174b5d64d6475dd2ccaef9f762fe2d538b4f1c02b381d0ed2a6a958fc84bc8 1515080 python-django-common_1.10.7-2+deb9u7_all.deb 168b275c555b91d42f156e71a4042832ac854877cd3efdfcbf56667ac163de2c 2536484 python-django-doc_1.10.7-2+deb9u7_all.deb cf0cc4006230c8f7e37f6eca9ff31e644ef6fb979d42cfe355f494b54a819d39 905080 python-django_1.10.7-2+deb9u7_all.deb c627110d9dfc4439ce57441c13858239f082ae4d4486fc780fa62bcbff337387 9386 python-django_1.10.7-2+deb9u7_amd64.buildinfo 831e7d7b3089d6b72d490cf343c03a29b9a690563cda53ae7d02b35f04669722 886618 python3-django_1.10.7-2+deb9u7_all.deb Files: 2d0eb81efabac7ca4a1f1630c304c618 2804 python optional python-django_1.10.7-2+deb9u7.dsc 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz 61f2736f354f63fe4f6a4ade30fb0073 44024 python optional python-django_1.10.7-2+deb9u7.debian.tar.xz 32245b8b212510868d2ebcd9670cf31c 1515080 python optional python-django-common_1.10.7-2+deb9u7_all.deb 80e7bf503a7943298e1c06e043c93de1 2536484 doc optional python-django-doc_1.10.7-2+deb9u7_all.deb 981a753ec7197197fe5e08666bfbcc90 905080 python optional python-django_1.10.7-2+deb9u7_all.deb 2e5552b7830340ea92c8038cad364361 9386 python optional python-django_1.10.7-2+deb9u7_amd64.buildinfo 61dd9b604ede07ad9c44ee26e2332acf 886618 python optional python3-django_1.10.7-2+deb9u7_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4TvokACgkQHpU+J9Qx HlhYjBAAgAac7K6Xbf29c/NIPlnpeN6jdHxGOBLkeVKTUm2MRrgogr9Z3bmSwfT3 aQVbgrPAgXDOjSUcmjOmn6QZh33udmPEVku8lG5fYRVERneNz9jnwN74S1H6resz VVYBzk/kKTcjpJdKrS3CitXbmz97LKtJ652XKSUxN83eTaBEsNyYmDCEIKXnmB1s yyMv9L1+0Tuubpeitmxcnx9AROdf5eDf29YFUQilASqw/GbLRTEAx8liF73zW+s4 vu85U/DEMZwnuIT54BZIqYd+A8sDwujbFB6u6xRR04Ooy2bCtIgemvIcwsJ+SfBz 5qFSWAXN7b1msI+07wycrtIh6Z0W76nKc6R2NUgb/cyBq6hCeQ1NA8v7G0zOL4sF +z4ywmoAacfS2zJPKxQyn8dTUuid28Du0XImPGYoEGodWjaHgIZH2KAUX9J4R+B/ fJQfdBZnbwd4EP7cGpAVyOK2eK+P+hA/uDmWZH7PJCxYFxnPzikXq6P2u9C7qoYo DTrzu8MeHM26KjsPZZs94M4dgGet0vcsraJomeFs2qoKy/HDPn5vHcm2fyxksoOd K27W4YE3aTgrcZxXWTW4cU2brXMML6CieBQ80h0lrRc0yq/8hR2LUdmgPF7vcM1E eqxXq4/7PwLfYxOK+fM3nDj4ikxjz21tRfDTjJDkGmrCR6aTCH4= =p5DU -----END PGP SIGNATURE-----
--- End Message ---
