[Python-modules-team] Bug#929927: python-django: CVE-2019-12308: AdminURLFieldWidget XSS
lfaraone at debian.org
Tue Jun 4 17:17:15 BST 2019
Yep, planning on tackling this evening. (PDT)
Per discussion with Security Team a DSA isn't warranted for this issue.
On Tue, 4 Jun 2019 at 10:11, Chris Lamb <lamby at debian.org> wrote:
> [Adding lfaraone at debian.org to CC]
> Salvatore Bonaccorso wrote
> > CVE-2019-12308:
> > AdminURLFieldWidget XSS
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > For further information see:
> >  https://security-tracker.debian.org/tracker/CVE-2019-12308
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308
> >  https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
> Luke, do you still plan to take this as discussed during the embargo? I
> might have some bandwidth the next day or so if not, but let me know.
> : :' : Chris Lamb
> `. `'` lamby at debian.org 🍥 chris-lamb.co.uk
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs; MIT SIPB
lfaraone on irc.[freenode,oftc].net -- https://luke.wf/ohhello
PGP fprint: 8C82 3DED 10AA 8041 639E 1210 5ACE 8D6E 0C14 A470
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-modules-team