[Python-modules-team] Bug#946011: python-django: CVE-2019-19118
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 4 13:21:22 GMT 2019
Hi Chris,
On Tue, Dec 03, 2019 at 09:25:42PM +0100, Chris Lamb wrote:
> Dear Salvatore,
>
> > > Security team, would you like an upload for stable?
> >
> > As far I can see this issue has been introduced around 2.1 where the
> > search support for view permissions and a read-only admin support was
> > added. […]
>
> Upon further inspection that is my reading too. I was being overly-
> cautious in assuming that it was vulnerable without doing any checking
> first, thus leading to this noise (for which I apologise).
>
> I have updated data/dla-needed.txt and data/CVE/list to match.
Thanks for double-checking and confirming!
Regards,
Salvatore
More information about the Python-modules-team
mailing list