On Mon, 19 Sep 2011, Thijs Kinkhorst wrote: > > I'll let you handle the stable upload. If you can't, please tell us. > > Indeed... > > > Thijs, can you update the security tracker to mark oldstable as not > > vulnerable ? It has 1.0 and only versions >= 1.2 are vulnerable > > apparently. > > What's the base of this conclusion? I've read upstreams announcement and they > don't mention 1.0, but also don't explicitly say that it's not affected. Has > it been checked that it's indeed not affected?
The last 2 release (besides the current one) are security maintained, aka 1.1 and 1.2. Since 1.1 has not seen any update, it means it's not affected and thus 1.0 isn't as well. But we can verify this. I'm ccing James Bennett, the Django release manager. Can you confirm what I said, James? Cheers, -- Raphaël Hertzog ◈ Debian Developer Follow my Debian News ▶ http://RaphaelHertzog.com (English) ▶ http://RaphaelHertzog.fr (Français) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
