[Python-modules-team] Bug#905216: python-django: CVE-2018-14574: Open redirect possibility in CommonMiddleware
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 2 06:50:49 BST 2018
Hi Chris,
On Thu, Aug 02, 2018 at 06:42:59AM +0100, Chris Lamb wrote:
> Hi Salvatore,
>
> > > I've attached the following diff for a proposed 1:1.10.7-2+deb9u2
> > > update for Django:
> […]
> > The debdiff looks good so far, were you able to test the resulting
> > package
>
> I believe that is covered in-depth by the additional tests I also
> backported (which passes here). The package installs fine for me too. I
> did not alter any of my in-*production* sites to *specifically* test
> pre/post application of the APPEND_SLASH handling.
Ack thanks.
> > There is as well a no-dsa tagged entry (CVE-2017-12794), which is only
> > relevant when "DEBUG = true". But as we do an update now via a DSA, we
> > can include this fix as well.
>
> That makes sense. Shall I go ahead and add this CVE-2017-12794 and send
> another debdiff?
Yes please.
Thanks and regards,
Salvatore