[Python-modules-team] Bug#918230: python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 6 16:28:41 GMT 2019
Hi Chris,
On Sun, Jan 06, 2019 at 09:39:30AM +0100, Chris Lamb wrote:
> Hi Salvatore,
>
> > With the 0017-CVE-2019-3498.patch patch there is something strange.
> > While it touches correctly the files django/views/defaults.py and the
> > tests, it touches and modifies files in debian/*, other patches and
> > series file.
>
> Thanks for your review. I went through my shell's history and
> unpicked what happened; whilst I had created and tested a regular
> patch file at debian/patches/CVE-2019-3498.patch I wanted to store
> everything in DPMT's Git repository and, as part of that,
> accidentally used git commit --whilst on the magic git-pq(1) branch
> and thus included all of these nonsense changes.
>
> Updated patch attached.
Thanks, looks good to me. Please go ahead with the upload to
security-master.
Thank you for your work on this update,
Regards,
Salvatore
More information about the Python-modules-team
mailing list