[Secure-testing-commits] r46053 - data/CVE
Brian May
bam at moszumanska.debian.org
Mon Nov 7 21:59:46 UTC 2016
Author: bam
Date: 2016-11-07 21:59:46 +0000 (Mon, 07 Nov 2016)
New Revision: 46053
Modified:
data/CVE/list
Log:
CVE-2016-9013 not worth fixing in Wheezy
- is not?\194?\160triggered by normal usage, and cannot be triggered by a malicious user.
- is documented, and can be overridden:
<https://sources.debian.net/src/python-django/1.4.5-1%2Bdeb7u16/docs/ref/settings.txt/#L669>
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-07 21:31:52 UTC (rev 46052)
+++ data/CVE/list 2016-11-07 21:59:46 UTC (rev 46053)
@@ -615,6 +615,7 @@
RESERVED
- python-django <unfixed> (bug #842856)
[jessie] - python-django <no-dsa> (Minor issue; can be updated via point release)
+ [wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
CVE-2016-9012
More information about the Secure-testing-commits
mailing list