[Python-modules-team] Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
Chris Lamb
lamby at debian.org
Thu Aug 8 11:02:48 BST 2019
Hi Sébastien,
> > Security team (added to CC), would you be interested in uploads for
> > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > 1:1.10.7-2+deb9u5)?
[…]
> yes, thank you. Can you email us debdiffs ? I'll then take care of the
> review and DSAs. I've attached these and the testsuites (etc.) are
all green on my test machines.
Note that the previous changelog entry in buster was:
python-django (1:1.11.22-1~deb10u1) buster-security; urgency=high
* No-change update for buster-security.
* Update debian/gbp.conf for new debian/buster branch.
-- Chris Lamb <lamby at debian.org> Wed, 03 Jul 2019 15:18:13 -0300
… and that I've tentatively versioned the updated version to address
these new CVEs as 1:1.11.22-1+deb10u1 (ie. with a plus, not a tilde).
I mention it specifically as I'm not 100% confident this is correct
and Lintian somewhat-correctly complained about a "missing" version
(to wit, 1:1.11.22-1 its technically missing).
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org 🍥 chris-lamb.co.uk
`-
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 9.debdiff.txt
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190808/10057e23/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 10.debdiff.txt
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190808/10057e23/attachment-0003.txt>
More information about the Python-modules-team
mailing list