[Python-modules-team] Bug#889450: src:django-anymail: Security issue with timing attack on WEBHOOK_AUTHORIZATION
Scott Kitterman
debian at kitterman.com
Sat Feb 3 16:52:34 UTC 2018
On Sat, 03 Feb 2018 11:34:56 -0500 Scott Kitterman <debian at kitterman.com>
wrote:
> Package: src:django-anymail
> Version: 0.8-2
> Severity: serious
> Tags: security upstream
> Justification: security
>
> This affects 0.8-2 in stable and 1.2 in unstable:
>
> https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b
I've checked and the commit should apply directly to 0.8.
Scott K
More information about the Python-modules-team
mailing list