[Python-modules-team] Bug#918230: python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page

Chris Lamb lamby at debian.org
Sun Jan 6 08:39:30 GMT 2019

Hi Salvatore,

> With the 0017-CVE-2019-3498.patch patch there is something strange.
> While it touches correctly the files django/views/defaults.py and the
> tests, it touches and modifies files in debian/*, other patches and
> series file.

Thanks for your review. I went through my shell's history and
unpicked what happened; whilst I had created and tested a regular
patch file at debian/patches/CVE-2019-3498.patch I wanted to store
everything in DPMT's Git repository and, as part of that,
accidentally used git commit --whilst on the magic git-pq(1) branch
and thus included all of these nonsense changes.

Updated patch attached.


     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 918230.diff.txt
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190106/4b83547e/attachment-0001.txt>

More information about the Python-modules-team mailing list