On 06/06 10:15, Chris Lamb wrote: > > python-django: CVE-2020-13254 CVE-2020-13596 > > Security team, would you like an update for stretch and/or buster to > address these issues? It's fixed in sid, experimental as well as > jessie LTS. Bullseye is just pending migration time AFAICT.
Hi Chris, yes, that'd be fine. Is there any chance you could also piggyback the fix for CVE-2020-9402 (marked "postponed") on top of the ones for CVE-2020-13254 and CVE-2020-13596? Cheers, -- Seb