[Python-modules-team] Bug#934026: python-django: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 2 21:36:58 BST 2019

Hi Chris,

On Mon, Sep 02, 2019 at 02:07:55PM +0100, Chris Lamb wrote:
> Chris Lamb wrote:
>
> > > > +python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high
> > >
> > > Thanks, these both look good; please upload to security-master.
> >
> > Both uploaded to security-master.
>
> There is now a 1.11.24 (ie. 1:1.11.24-1~deb10u1) upstream:
>
> https://docs.djangoproject.com/en/2.2/releases/1.11.24/
>
> Shall I go ahead and upload or was .23 already accepted?

Looking at the above change, following the upstream ticket at
https://code.djangoproject.com/ticket/30672 this does not look like
this is either a real new regression or a very exposed
functionality (the upstream issue speaks of an undocumented and
untested usage).

Thus (if this is true), this does not really warrant another upload,
but rather will automatically be fixed in a subsequent (and likely
arising) update anyway.

Regards,
Salvatore