Your message dated Wed, 05 Jun 2019 00:50:16 +0000
with message-id <[email protected]>
and subject line Bug#929927: fixed in python-django 1:1.11.21-1
has caused the Debian Bug report #929927,
regarding python-django: CVE-2019-12308: AdminURLFieldWidget XSS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
929927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929927
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django
Version: 1:1.11.20-1
Severity: important
Tags: security upstream
Control: found -1 2:2.2.1-1
Hi,
The following vulnerability was published for python-django.
CVE-2019-12308[0]:
AdminURLFieldWidget XSS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-12308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
[1] https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1:1.11.21-1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luke W Faraone <[email protected]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Jun 2019 00:07:07 +0000
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Architecture: source all
Version: 1:1.11.21-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Luke W Faraone <[email protected]>
Description:
python-django - High-level Python web development framework (Python 2 version)
python-django-common - High-level Python web development framework (common)
python-django-doc - High-level Python web development framework (documentation)
python3-django - High-level Python web development framework (Python 3 version)
Closes: 929927
Changes:
python-django (1:1.11.21-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2019-12308: XSS in Django admin via AdminURLFieldWidget
(Closes: #929927)
Checksums-Sha1:
7b84a02a9bd9deab51093027e43e89905c730e5f 3235 python-django_1.11.21-1.dsc
2b2f2c26835c641ccc313bd5330418237e587741 7847136
python-django_1.11.21.orig.tar.gz
255a8f7e96123f150d6a31d130fafd94ac6c02a6 26188
python-django_1.11.21-1.debian.tar.xz
9f16441e7790202198779b5206ca53f13dcf99bb 1536340
python-django-common_1.11.21-1_all.deb
9d917527f892b489d36bd8b47b86105cb4aa5f05 2685008
python-django-doc_1.11.21-1_all.deb
1b0b16da5da6dd5c6e14b12e616b2ceade933537 916368 python-django_1.11.21-1_all.deb
125ebc20750c3d51cf6c0a771751206d53bdfa8c 13776
python-django_1.11.21-1_amd64.buildinfo
9b05b02a125f11a4ba5b54ff9b07099c4114afab 916136
python3-django_1.11.21-1_all.deb
Checksums-Sha256:
bf5f6714ca5bb2076a999f58f49ee8fef8d4472d7a3cf45e8c79762f819421ea 3235
python-django_1.11.21-1.dsc
ba723e524facffa2a9d8c2e9116db871e16b9207e648e1d3e4af8aae1167b029 7847136
python-django_1.11.21.orig.tar.gz
600ae7aa9a7d542bd818a2dc696fb7811b7782e1cbe22f55ec60a87c9ce1c628 26188
python-django_1.11.21-1.debian.tar.xz
506104e6713b396d3e03562a07fe342cf80b33901976594025d90b7b28297e42 1536340
python-django-common_1.11.21-1_all.deb
445b167589fec481b1b49d0e2aec1c377eaeb1b16aea15a9ae82a0017b1c114b 2685008
python-django-doc_1.11.21-1_all.deb
5bd3b0ac635e4dd8ae4da3522a5d9e1ce8e6e6c4ff5ab5bf34f9bb54ac589a3a 916368
python-django_1.11.21-1_all.deb
c77894b22826caaa6e26420ac3eef967e3ac58f4ec2a37550e6a1bba73833088 13776
python-django_1.11.21-1_amd64.buildinfo
45b832a76ab0dbf4ce5ca2eba0c784152ce1b8446b666945af68d1af7b74892a 916136
python3-django_1.11.21-1_all.deb
Files:
084e79799137c7d3bc4dc8b81b95f1da 3235 python optional
python-django_1.11.21-1.dsc
9a659a9dd9f5900fe75c7fbc4ce1b6a3 7847136 python optional
python-django_1.11.21.orig.tar.gz
da85f331f8deac819ed6a20630a141dd 26188 python optional
python-django_1.11.21-1.debian.tar.xz
469da4828fe5a4e17f1c32c85385ea01 1536340 python optional
python-django-common_1.11.21-1_all.deb
409062e337177e98f4899c6061e50066 2685008 doc optional
python-django-doc_1.11.21-1_all.deb
2e5171874ac9b2e444f7a7bb94f53073 916368 python optional
python-django_1.11.21-1_all.deb
27998b34604e8bf51d61ab0ef0f4ae9b 13776 python optional
python-django_1.11.21-1_amd64.buildinfo
8cc2f2f84059098171c99fea33aed78a 916136 python optional
python3-django_1.11.21-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEp5Z36UkZY7aVRcsPGs7Z5M9HbGwFAlz3DyMACgkQGs7Z5M9H
bGwAgA//VlMYgybJZUSGzmw5/T05uffUburCogovJxE/AF1vfkS83g1ysnbzJSEY
sJ3CK6bWJpHoY819e/JFz0FXPeS2xT7DKnDUZ4s7OxX+Xo6Ja+wRZKLGmwQx3dSn
ipYy/iN2JWIJrzKeXGcL4afY2Nq2b4LVMhERvnHLdh+r571/aawfLsukzrRZ924O
n4mkPnaoK0Sldpi67TM63YK8QxfmlJ1BDOXv+iXXYyPLHP5cFieKDMLQttRyBcky
Ed5n/YAdSslEn8LfK4jvh0/ORw80JZoVzS085slX77ImnlbJjLglQN6Brarp5A3a
mng4lh74j/cUvlQCEZ/0NKWbd6ZmM0QBxLy6/R16WosPHU1OiAdVyuuH/YYvl/a5
vaa7AAElvuZy3kgVaY8/Zq9EJ8c1C7EhJtSWvX2233YXMy6W0MCiGal4EBf2UhB7
jktvDuP0H5C5fAVKojOim0565S3CUVQ3oKUDg80veoA3aL/CLyj+sEeT7wBbqQP4
WoS+i1W5YUohzVYXNqAbMzJxHNN2cL0hY/gWstLsvvNvyK8Nd9fFZm0PGHZGiwCS
kUYZG5cjCx0bHEmy8+Xizv9HUWz64lVX2q0adZPxzvin+OdVpTLTakDiL9STN1PB
IwjeIsGjoySuSL4QUTfJGt20Z9A+rpxOLuE5qBpq3NPzUE1x2Ps=
=wb2W
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
