Your message dated Mon, 30 Dec 2019 11:04:49 +0000 with message-id <e1ilsqv-000ak9...@fasolo.debian.org> and subject line Bug#946937: fixed in python-django 2:3.0.1-1 has caused the Debian Bug report #946937, regarding python-django: CVE-2019-19844: Potential account hijack via password reset form to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 946937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.10.7-2+deb9u6 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2019-19844[0][1]: Potential account hijack via password reset form If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-19844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844 [1] https://www.djangoproject.com/weblog/2019/dec/18/security-releases/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 2:3.0.1-1 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 946...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 30 Dec 2019 10:44:01 +0000 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 2:3.0.1-1 Distribution: experimental Urgency: medium Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 946937 Changes: python-django (2:3.0.1-1) experimental; urgency=medium . * New upstream security release. <https://www.djangoproject.com/weblog/2019/dec/18/security-releases/> (Closes: #946937) Checksums-Sha1: 0eb681c2ae72f3f635e38e333a2915c5eb2e6cf1 2769 python-django_3.0.1-1.dsc accee8de35164919fdb22b87e13324f14cfa2c0e 9022787 python-django_3.0.1.orig.tar.gz 1dd1fa8eec158cedeb041c8ab1ac80f841ad2224 25820 python-django_3.0.1-1.debian.tar.xz 90efe3e1b8fbe91de993b5191acaf2da88dd2aac 7436 python-django_3.0.1-1_amd64.buildinfo Checksums-Sha256: d7ae70bb7bc40551ee344869cdbf4b2866f5d0e14df2ecc63e1fe42bbd0abb10 2769 python-django_3.0.1-1.dsc 315b11ea265dd15348d47f2cbb044ef71da2018f6e582fed875c889758e6f844 9022787 python-django_3.0.1.orig.tar.gz 1a2e12496db4d006fdd249ba0d017ec09a2d654e7700abbcebbd6ce63923d286 25820 python-django_3.0.1-1.debian.tar.xz cc7edfad9ca17db869a3c077ec332a2121d200578844642f2a35a437bb14230e 7436 python-django_3.0.1-1_amd64.buildinfo Files: 2700c05b718ee83350c3c60673409494 2769 python optional python-django_3.0.1-1.dsc 12f434ed7ccd6ee57be6f05a45e20e97 9022787 python optional python-django_3.0.1.orig.tar.gz 39353e1e85078d8a1f86d88a90df1d52 25820 python optional python-django_3.0.1-1.debian.tar.xz 554ac167f0654958673a3875b3a7abd0 7436 python optional python-django_3.0.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4J1jkACgkQHpU+J9Qx HljdgxAAkQu8AQMluyf2+VCLSuzIsCyLWFDRTwDjF4vygYB8Xh1Ut3sBaLd/tr69 jqP2MbCwQaMbVzya6U8ACOwIQUeCgcWzoLCY26To9rdNzTUL0kjBdbjF7s35icU/ 4FuC2tgAZFDAFbiptouPoTofLRnVmXkMCwgnAWFHktsi87Pa/XsugW40bS3xNx6t F8h4iP+lz6pMjQoAuLo1ZCjYLP4oyGuvx+/gmupf+JR4AL5gD6eJeQpvhhmkELDq Rq02yH+F7SPlOY+PZvdSUWWCvAUStVTCVK/ee463d1vqXU5HsTRqMN1ysDWsVgZN zYi3jhaO3j3nN/3IWiwpRi6H755c9oFdmzuz+L5keGCrdvZTm2Zbzb75UgSVFgit +gJQ2wHw1/xHSca0GtUjhh6/B2D3URIDVV4fEV01d3V1D/g0VyA96yfv7yoHCL2Y dpMbMH8TXLhn2JMQOjHeaCESbylhR0BCYZXqQYbmn6Jpy+mWbj/8GtXez0joUjEl Qe8ldzOBecLcXP3/1e75K4Ege9tsV6zdbekBFd9OTTBcNug83gKwtNX2wrTGegRp /Bj3JcMplDKOixij4BuNC+6HHRXbs2IYkq75kk+2VJkQwPnkNcW2Kik2ODgzR5TC STfnQzP1xZjUpV098naUyYTc952PIkc09R/3hxO+vge8J3E2zSs= =A7JO -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Python-modules-team mailing list Python-modules-team@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
