Bug#918230: marked as done (python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page)

[Debian Bug Tracking System]

Your message dated Fri, 04 Jan 2019 17:35:51 +0000
with message-id <e1gftnv-0005nc...@fasolo.debian.org>
and subject line Bug#918230: fixed in python-django 1:1.11.18-1
has caused the Debian Bug report #918230,
regarding python-django: CVE-2019-3498: Content spoofing possibility in the 
default 404 page
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
918230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: python-django
Version: 1:1.11.17-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Control: found -1 2:2.1.4-2

Hi,

The following vulnerability was published for python-django.

CVE-2019-3498[0]:
Content spoofing possibility in the default 404 page

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3498
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498
[1] https://www.djangoproject.com/weblog/2019/jan/04/security-releases/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: python-django
Source-Version: 1:1.11.18-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 918...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 04 Jan 2019 18:23:06 +0100
Source: python-django
Binary: python-django python-django-common python-django-doc python3-django
Built-For-Profiles: nocheck
Architecture: source all
Version: 1:1.11.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team 
<python-modules-t...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 python-django - High-level Python web development framework (Python 2 version)
 python-django-common - High-level Python web development framework (common)
 python-django-doc - High-level Python web development framework (documentation)
 python3-django - High-level Python web development framework (Python 3 version)
Closes: 918230
Changes:
 python-django (1:1.11.18-1) unstable; urgency=medium
 .
   * New upstream security release:
     - CVE-2019-3498: Content spoofing possibility in the default 404 page.
       (Closes: #918230)
     <https://www.djangoproject.com/weblog/2019/jan/04/security-releases/>
   * Move to debhelper-compat virtual package.
   * Bump debhelper compatibility level to 12.
   * Bump Standards-Version to 4.3.0.
   * 0007-Fixed-29182-Adjusted-SQLite-schema-table-.patch: Fix grammar/spelling
     error in upstream patch.
Checksums-Sha1:
 0848b9f9327d5f2df65190a73a37cd7eeb22e5b3 3203 python-django_1.11.18-1.dsc
 705d631e290ba20e19c574f8bb2f2c26d281ddb1 7847617 
python-django_1.11.18.orig.tar.gz
 a4580ff4cec727f37b2e9828a66f0ef8333810f5 26072 
python-django_1.11.18-1.debian.tar.xz
 8f3726bf3e5530eddf112e8c5a494844ef531dd0 1536516 
python-django-common_1.11.18-1_all.deb
 9cb3f617f651f72e28e3fcebf65336836e308b6a 2634100 
python-django-doc_1.11.18-1_all.deb
 da01fa57f82cf2201d8b933a38e6bde4f50714c2 915560 python-django_1.11.18-1_all.deb
 96137c663dd51344223b8488527e9af9f1775566 8318 
python-django_1.11.18-1_amd64.buildinfo
 84d0406c6b53198fdda5c98c86dc703b4eb544fe 915724 
python3-django_1.11.18-1_all.deb
Checksums-Sha256:
 ba372d047e6a413c6b83b3f3db634f6d03ed1bb8cfa353358caff238c0f4acd7 3203 
python-django_1.11.18-1.dsc
 73cca1dac154e749b39cc91a54dc876109eb0512a5c6804986495305047066a5 7847617 
python-django_1.11.18.orig.tar.gz
 48877ddae20c2b6f4aa66655e878dd479b9b6920c38017b918d97ac54ea12f96 26072 
python-django_1.11.18-1.debian.tar.xz
 77dedf5be9747c718bc267191852d09a8b21bd348afbfa9e905660f6ce9ceccc 1536516 
python-django-common_1.11.18-1_all.deb
 b45d55ee14f4bb170751e9951b7efbd2311998c0a1d63d2749f0992bde50071e 2634100 
python-django-doc_1.11.18-1_all.deb
 79dbe265371c43f04ae3d8356f0a10d75f70a579d7d9a543c40996534d291ff0 915560 
python-django_1.11.18-1_all.deb
 a625c1822955f2f0adc9a115acc433c7b389ea28b4591d57f4529382fe5e9875 8318 
python-django_1.11.18-1_amd64.buildinfo
 78f76a9cb2010e9ea4c3fb78965cb7dceca0c783affd7e102e0f5d69f301880a 915724 
python3-django_1.11.18-1_all.deb
Files:
 725e8a5124f2246d997a4a310214cda3 3203 python optional 
python-django_1.11.18-1.dsc
 ef734560a81a8c0eb535e7a46205bd72 7847617 python optional 
python-django_1.11.18.orig.tar.gz
 92154896a95fa54ba1c942dc39b6f60d 26072 python optional 
python-django_1.11.18-1.debian.tar.xz
 237229d6bb6adf434516e338d45dc952 1536516 python optional 
python-django-common_1.11.18-1_all.deb
 f7cb2264e9b5515faa0a606752dcde57 2634100 doc optional 
python-django-doc_1.11.18-1_all.deb
 cf8eecb01e4a4d9a83e7ab96d18e244b 915560 python optional 
python-django_1.11.18-1_all.deb
 f2e58e859fb7269e2bf28d6a624210d2 8318 python optional 
python-django_1.11.18-1_amd64.buildinfo
 3a873d8b6bb689e539da80b65ec506b9 915724 python optional 
python3-django_1.11.18-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwvl6YACgkQHpU+J9Qx
HliPzA/+Mn1Va6JYhboGciDAqaNcfsb9A2g18ov84LyG9+iy9Nj2QAOY6gzPjmiA
7fobUCMEt890nhdYMsjtWRChkLZSRABdcUoOGqzGwW9apoN/VDtDaXqAkVj1pmUM
qCGujfblWgmXmMySYzjYGwCsJr3UCxpMd84AOA8E433ghNRqRcapZnn3c7TXdLOn
qDwGuL1y1l6tKqX6wKsfpJ0Qr8BbB9jcslw4wuEd47gRmnF4gw1PvYT7Vl/Jb/gM
PUsd/sJeVAThhXf6rpuPMlTmat0MeXZljXpjBVLlPKiwEU+99G17JmiElvnsRB/X
tsIapOxXR7CfbD85qvhC6oFMXhPJJgL3hinbhbTk4v+iJxg+8ISwbJ5kICs7SUBO
02knLx7DBubavqAjKC4Owc9m8ei1xZgfNiUFg7BmgPih79KnXJH3x8UHYeR9hb7x
DTf9usgIogjdILZ5RqjuVbiQN10Q3bwEgFJfYSo7sjbY0zswvFIQsE/DQ8CwekXl
qX7s9Fw77fwmFUNFjSWss//ng8Hru9/JTW6Uhq08s6I+IoikUhuSyBGRZ+RuH745
1TZaFDO6wAdbB5fhsB/PaRQWNSIoC8X3komhXRXMKXdrxpEM0GuBvnHkqN8Y4Nw4
XvbnsN9TKLTyI8CS1P23CdHxdNaS3Rzl1VK9B5rLDSJBUzHD98c=
=gkG4
-----END PGP SIGNATURE-----

--- End Message ---