[Python-modules-team] Bug#918230: python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page

Salvatore Bonaccorso carnil at debian.org
Sun Jan 6 16:28:41 GMT 2019

Hi Chris,

On Sun, Jan 06, 2019 at 09:39:30AM +0100, Chris Lamb wrote:
> Hi Salvatore,
> > With the 0017-CVE-2019-3498.patch patch there is something strange.
> > While it touches correctly the files django/views/defaults.py and the
> > tests, it touches and modifies files in debian/*, other patches and
> > series file.
> Thanks for your review. I went through my shell's history and
> unpicked what happened; whilst I had created and tested a regular
> patch file at debian/patches/CVE-2019-3498.patch I wanted to store
> everything in DPMT's Git repository and, as part of that,
> accidentally used git commit --whilst on the magic git-pq(1) branch
> and thus included all of these nonsense changes.
> Updated patch attached.

Thanks, looks good to me. Please go ahead with the upload to

Thank you for your work on this update,


More information about the Python-modules-team mailing list