[Python-modules-team] Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235

Salvatore Bonaccorso carnil at debian.org
Thu Aug 8 20:27:54 BST 2019


Hi,

On Thu, Aug 08, 2019 at 02:16:29PM +0100, Chris Lamb wrote:
> Hi Moritz,
> 
> > > > > Security team (added to CC), would you be interested in uploads for
> > > > > buster (currently 1:1.11.22-1~deb10u1) and stretch (currently
> > > > > 1:1.10.7-2+deb9u5)?
> […]
> > I just realised that there's a 1.11.23 (thanks Salvatore!), given that
> > we agreed to follow 1.11.x in buster, shouldn't we rather use that one?
> 
> D'oh, that makes more sense. Okay, I can prepare a debdiff for that --
> however, can you just confirm the version we should use?
> 1:1.11.23-1~deb10u1?

Although I'm late for the game ;-). You can use both
1:1.11.23-1~deb10u1 or 1:1.11.23-0+deb10u1. It is a matter of what you
want to express.

1:1.11.23-1~deb10u1 ... is mainly a rebuild of 1:1.11.23-1 with
maybe some additional changes. Examples for this one are e.g. the
openjdk packages.

1:1.11.23-0+deb10u1 means ... I import 1:1.11.23 on top of the
existing packaging but released for a lower suite than sid. This in
the theoretical case there would have been a 1:1.11.23-1 in the upper
suite it is 1:1.11.23-0+deb10u1 < 1:1.11.23-1. If you want examples
for this one for instance ghostscript, mariadb, ...

Regards,
Salvatore


