[Python-modules-team] Bug#931316: python-django: CVE-2019-12308: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

Moritz Mühlenhoff jmm at inutil.org
Tue Jul 2 21:52:48 BST 2019


On Mon, Jul 01, 2019 at 05:57:51PM -0300, Chris Lamb wrote:
> [Adding team at security.debian.org, to CC]
> 
> Hi Salvatore,
> 
> > Control: found -1 2:2.2.1-1
> > Control: found -1 1:1.10.7-2+deb9u4
> > Control: found -1 1:1.10.7-1
> 
> I've uploaded fixes to experimental, unstable and to jessie LTS. 
> 
> Security team (added to CC), would you like an upload for stable?

Please do, if we do a DSA, let's also include the fixes for CVE-2019-6975
and CVE-2019-12308 which were previously postponed due to low impact, ack?

Cheers,
        Moritz



More information about the Python-modules-team mailing list