[Python-modules-team] Bug#929927: python-django: CVE-2019-12308: AdminURLFieldWidget XSS

Luke Faraone lfaraone at debian.org
Tue Jun 4 17:17:15 BST 2019


Yep, planning on tackling this evening. (PDT)

Per discussion with Security Team a DSA isn't warranted for this issue.

On Tue, 4 Jun 2019 at 10:11, Chris Lamb <lamby at debian.org> wrote:

> [Adding lfaraone at debian.org to CC]
>
> Salvatore Bonaccorso wrote
>
> > CVE-2019-12308[0]:
> > AdminURLFieldWidget XSS
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2019-12308
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
> > [1] https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
>
> Luke, do you still plan to take this as discussed during the embargo? I
> might have some bandwidth the next day or so if not, but let me know.
>
>
> Regards,
>
> --
>       ,''`.
>      : :'  :     Chris Lamb
>      `. `'`      lamby at debian.org 🍥 chris-lamb.co.uk
>        `-
>


-- 

Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs; MIT SIPB
lfaraone on irc.[freenode,oftc].net -- https://luke.wf/ohhello
PGP fprint: 8C82 3DED 10AA 8041 639E  1210 5ACE 8D6E 0C14 A470