[Python-modules-team] Bug#931316: python-django: CVE-2019-12308: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

[Chris Lamb]

Hi Moritz,

> > Security team (added to CC), would you like an upload for stable?
> 
> Please do, if we do a DSA, let's also include the fixes for CVE-2019-6975
> and CVE-2019-12308 which were previously postponed due to low impact, ack?

Sure thing; my proposed diff is attached. It builds for me (with all
tests passing) in a stretch chroot.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org 🍥 chris-lamb.co.uk
       `-
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: python-django_1.10.7-2+deb9u5.diff.txt
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190702/260d7cc8/attachment-0005.txt>