<div dir="ltr">Yep, planning on tackling this evening. (PDT)<div><br></div><div>Per discussion with Security Team a DSA isn't warranted for this issue.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 4 Jun 2019 at 10:11, Chris Lamb <<a href="mailto:lamby@debian.org" target="_blank">lamby@debian.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">[Adding <a href="mailto:lfaraone@debian.org" target="_blank">lfaraone@debian.org</a> to CC]<br>
<br>
Salvatore Bonaccorso wrote<br>
<br>
> CVE-2019-12308[0]:<br>
> AdminURLFieldWidget XSS<br>
> <br>
> If you fix the vulnerability please also make sure to include the<br>
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.<br>
> <br>
> For further information see:<br>
> <br>
> [0] <a href="https://security-tracker.debian.org/tracker/CVE-2019-12308" rel="noreferrer" target="_blank">https://security-tracker.debian.org/tracker/CVE-2019-12308</a><br>
>     <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308" rel="noreferrer" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308</a><br>
> [1] <a href="https://www.djangoproject.com/weblog/2019/jun/03/security-releases/" rel="noreferrer" target="_blank">https://www.djangoproject.com/weblog/2019/jun/03/security-releases/</a><br>
<br>
Luke, do you still plan to take this as discussed during the embargo? I<br>
might have some bandwidth the next day or so if not, but let me know.<br>
<br>
<br>
Regards,<br>
<br>
-- <br>
      ,''`.<br>
     : :'  :     Chris Lamb<br>
     `. `'`      <a href="mailto:lamby@debian.org" target="_blank">lamby@debian.org</a> 🍥 <a href="http://chris-lamb.co.uk" rel="noreferrer" target="_blank">chris-lamb.co.uk</a><br>
       `-<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_-8267941389303227257gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre cols="72">Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs; MIT SIPB
lfaraone on irc.[freenode,oftc].net -- <a href="https://luke.wf/ohhello" target="_blank">https://luke.wf/ohhello</a>
PGP fprint: 8C82 3DED 10AA 8041 639E  1210 5ACE 8D6E 0C14 A470</pre></div></div></div></div>