Hi Chris, On Thu, Aug 02, 2018 at 06:42:59AM +0100, Chris Lamb wrote: > Hi Salvatore, > > > > I've attached the following diff for a proposed 1:1.10.7-2+deb9u2 > > > update for Django: > […] > > The debdiff looks good so far, were you able to test the resulting > > package > > I believe that is covered in-depth by the additional tests I also > backported (which passes here). The package installs fine for me too I > did not alter any of my in-*production* sites to *specifically* test > pre/post application of the APPEND_SLASH handling.
Ack thanks. > > There is as well a no-dsa tagged entry (CVE-2017-12794), which is only > > relevant when "DEBUG = true". But as we do an update now via a DSA, we > > can include this fix as well. > > That makes sense. Shall I go ahead and add this CVE-2017-12794 and send > another debdiff? Yes please. Thanks and regards, Salvatore
