Your message dated Tue, 04 May 2021 13:48:32 +0000 with message-id <e1ldvpc-000dxw...@fasolo.debian.org> and subject line Bug#988053: fixed in python-django 2:2.2.21-1 has caused the Debian Bug report #988053, regarding python-django: CVE-2021-31542 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 988053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.10.7-2+deb9u12 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2021-31542[0][1]: Potential directory-traversal via uploaded files If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31542 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542 [1] https://www.djangoproject.com/weblog/2021/may/04/security-releases/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 2:2.2.21-1 Done: Chris Lamb <la...@debian.org> We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 04 May 2021 13:07:54 +0100 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 2:2.2.21-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+pyt...@tracker.debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 988053 Changes: python-django (2:2.2.21-1) unstable; urgency=medium . * New upstream security release: - CVE-2021-31542: Potential directory-traversal via uploaded files. (Closes: #988053) - Full release notes: <https://www.djangoproject.com/weblog/2021/may/04/security-releases/> Checksums-Sha1: 0cd67bb33ac679d085b46a5d1a74c1c1280e340d 2779 python-django_2.2.21-1.dsc 203abbd4ab8dd336a5e1cfcacf2e481ac5a29979 9209871 python-django_2.2.21.orig.tar.gz 76b3a1f258c43bc6339b09c18332bf14d8055480 26800 python-django_2.2.21-1.debian.tar.xz 8338375743e9345912cccdd91b86d782c8bc6512 7732 python-django_2.2.21-1_amd64.buildinfo Checksums-Sha256: 816cbf47c82e463ab6cfb9cb7cb0ad8e4aef65fcc449fc3041bb7fe3460571c7 2779 python-django_2.2.21-1.dsc 7460cfe3781d36d1625230267dad255deb33e9229e41f21e32b33b9d536d20cd 9209871 python-django_2.2.21.orig.tar.gz 5b5b1797ac6a24c0168c08d95cb27d0a5f489270ba21db6faba429cf798024c5 26800 python-django_2.2.21-1.debian.tar.xz 38c8ea27680d7e78063d027c0041ffd801cd5c6621a70a2e1bd69055e001409c 7732 python-django_2.2.21-1_amd64.buildinfo Files: 2e1a5e138ba48f356bf4da86feb8bfcf 2779 python optional python-django_2.2.21-1.dsc fa2da272f5103dfe56c4ddc6d43037ca 9209871 python optional python-django_2.2.21.orig.tar.gz fee5a1476cb0f38f023338c7c3d4d5e0 26800 python optional python-django_2.2.21-1.debian.tar.xz b5657ba6494244b2e4d4b3744b4273a4 7732 python optional python-django_2.2.21-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmCRTT4ACgkQHpU+J9Qx HliPQA/+Jan1XSKar7AvxUdFTVM8P0klmKjR4vGW+wrkMsOlRSltr8qphojimx87 9729h5RDV1SvhkXqcNxr9m4nNxEBcNsKYfIWbTAhE28FbJ+PclK+MCdTGFbk7wKA H6ERAvoAQ/YkM5F7+jQ29AWCmo1AjGZXbbEPIcahcTdvhQDRXHKEif+s1x7F3cxb VEGWx4NXlbprH0Zppx6a1dfbc3LNx8hkPc1w4IfzqQXMEmxwUzH8112uyRl4Wa8Y j/NV6sddn5dNp+exMuZWiA1uNtBTPZlasmGBrTu7ovnQCWnUY0hDkrHzdbUt8LXz FFGP3ln6PmGE2ekBS2s5Q8I/x6eligtiDQ4HHtCJyEmdYsaCRzrsmNWfJ5yeUMQQ czr4F57K9DcByFZCXKqegPG3AcXxtuYKqG2KZjf6hsLVT5l0xOKCuGeedMKaLuaL prCRuC5RbVk16xUZ4uNiZDLHXAgyDdbuNPF1s5WxHCtO59pTtjWIvw6FGMDGYwrc pd7wWpHPVxf3KuB6vMwjyxtOEiKrkb/qOSbX9/ptueIg++AvBzPgVOjQWKkckez7 irFa/i3iGVmqdLLEG0Ey/nperulRR6boazmWPFW3kQTF/8ror3iEHZhRMUystQga ag4p0VuUwlTC5XNN34YsP4Ie7InSjBrD2Nc7GGTSbuho4yMQPLE= =5Sjn -----END PGP SIGNATURE-----
--- End Message ---
