Your message dated Wed, 08 Jan 2020 21:47:38 +0000
with message-id <e1ipjaw-000ggl...@fasolo.debian.org>
and subject line Bug#946937: fixed in python-django 1:1.10.7-2+deb9u7
has caused the Debian Bug report #946937,
regarding python-django: CVE-2019-19844: Potential account hijack via password
reset form
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
946937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 1:1.10.7-2+deb9u6
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-django.
CVE-2019-19844[0][1]: Potential account hijack via password
reset form
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-19844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
[1] https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1:1.10.7-2+deb9u7
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 946...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 Jan 2020 17:52:10 +0000
Source: python-django
Binary: python-django python3-django python-django-common python-django-doc
Architecture: source all
Version: 1:1.10.7-2+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 946937
Changes:
 python-django (1:1.10.7-2+deb9u7) stretch-security; urgency=high
 .
   * CVE-2019-19844: Prevent a potential account hijack via the password reset
     form. (Closes: #946937)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---