[Python-modules-team] Bug#946011: python-django: CVE-2019-19118

Chris Lamb lamby at debian.org
Tue Dec 3 20:25:42 GMT 2019


Dear Salvatore,

> > Security team, would you like an upload for stable?
> 
> As far I can see this issue has been introduced around 2.1 where the
> search support for view permissions and a read-only admin support was
> added.  […]

Upon further inspection that is my reading too. I was being overly-
cautious in assuming that it was vulnerable without doing any checking
first, thus leading to this noise (for which I apologise).

I have updated data/dla-needed.txt and data/CVE/list to match.


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org 🍥 chris-lamb.co.uk
       `-



More information about the Python-modules-team mailing list