[Python-modules-team] Bug#946937: python-django: CVE-2019-19844: Potential account hijack via password reset form
Chris Lamb
lamby at debian.org
Wed Dec 18 09:25:44 GMT 2019
Package: python-django
Version: 1:1.10.7-2+deb9u6
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-django.
CVE-2019-19844[0][1]: Potential account hijack via password
reset form
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-19844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844
[1] https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org / chris-lamb.co.uk
`-
More information about the Python-modules-team
mailing list