Re: [Python-modules-team] squeeze update of python-django?
I CCed Raphaël Hertzog as he may have missed the original email to , which is normally for automatic messages only. I think our priorities need to be with the unstable version (which also has a grave bug), and then the stable version. In the meantime however, here is a patch to the change in the 1.7.x version: https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 The patch doesn't apply cleanly to 1.2.x in squeeze, however it looks like it should be relatively simple to apply manually... Think only the changes to django/utils/formats.py will be required. Ben Hutchings writes: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of python-django: > https://security-tracker.debian.org/tracker/CVE-2015-8213 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Ben Hutchings, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > -- > Ben Hutchings - Debian developer, member of Linux kernel and LTS teams > > > ___ > Python-modules-team mailing list > python-modules-t...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team -- Brian May
Re: [Python-modules-team] squeeze update of python-django?
On Wed, 2015-11-25 at 14:55 +1100, Brian May wrote: > I CCed Raphaël Hertzog as he may have missed the > original email to , which > is normally for automatic messages only. > > > > I think our priorities need to be with the unstable version (which also > has a grave bug), and then the stable version. > > In the meantime however, here is a patch to the change in the 1.7.x > version: > > https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 > > The patch doesn't apply cleanly to 1.2.x in squeeze, however it looks > like it should be relatively simple to apply manually... > > Think only the changes to django/utils/formats.py will be required. I already looked at that and decided that the issue probably did apply in squeeze, otherwise I wouldn't have bothered you. As Raphaël is also on the LTS team, I expect he'll want to take this. Ben. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams signature.asc Description: This is a digitally signed message part
Re: [Python-modules-team] squeeze update of python-django?
Hi, On Wed, 25 Nov 2015, Ben Hutchings wrote: > > Think only the changes to django/utils/formats.py will be required. > > I already looked at that and decided that the issue probably did apply > in squeeze, otherwise I wouldn't have bothered you. > > As Raphaël is also on the LTS team, I expect he'll want to take this. Yes, I'll take care of it in the next few days. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Re: [Python-modules-team] squeeze update of python-django?
(I took it in dsa-needed.txt but please take it back) On Wed, 25 Nov 2015, at 03:35 PM, Raphael Hertzog wrote: > Hi, > > On Wed, 25 Nov 2015, Ben Hutchings wrote: > > > Think only the changes to django/utils/formats.py will be required. > > > > I already looked at that and decided that the issue probably did apply > > in squeeze, otherwise I wouldn't have bothered you. > > > > As Raphaël is also on the LTS team, I expect he'll want to take this. > > Yes, I'll take care of it in the next few days. > > Cheers, > -- > Raphaël Hertzog ◈ Debian Developer > > Support Debian LTS: http://www.freexian.com/services/debian-lts.html > Learn to master Debian: http://debian-handbook.info/get/ > -- Chris Lamb chris-lamb.co.uk / @lolamby
Re: [Python-modules-team] squeeze update of python-django?
On Wed, 25 Nov 2015, Chris Lamb wrote: > (I took it in dla-needed.txt but please take it back) Well, first come, first served, so go ahead if you want to work on it right now. Just make sure to integrate your changes in the git repository in the debian/squeeze branch (I assume you still have commits rights to python-modules). Otherwise I'll probably work on it tomorrow or friday. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Re: [Python-modules-team] squeeze update of python-django?
> > (I took it in dla-needed.txt but please take it back) > > Well, first come, first served, so go ahead if you want to work on it > right now. Uploaded; apologies for not following up here earlier. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-