Your message dated Fri, 04 Jan 2019 18:06:43 +0000 with message-id <e1gftrn-000bdr...@fasolo.debian.org> and subject line Bug#918230: fixed in python-django 2:2.1.5-1 has caused the Debian Bug report #918230, regarding python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 918230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-django Version: 1:1.11.17-2 Severity: grave Tags: patch security upstream Justification: user security hole Control: found -1 2:2.1.4-2 Hi, The following vulnerability was published for python-django. CVE-2019-3498[0]: Content spoofing possibility in the default 404 page If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-3498 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498 [1] https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 2:2.1.5-1 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 04 Jan 2019 18:49:35 +0100 Source: python-django Binary: python3-django python-django-doc Built-For-Profiles: nocheck Architecture: source all Version: 2:2.1.5-1 Distribution: experimental Urgency: medium Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 918230 Changes: python-django (2:2.1.5-1) experimental; urgency=medium . * New upstream security release: - CVE-2019-3498: Content spoofing possibility in the default 404 page. (Closes: #918230) <https://www.djangoproject.com/weblog/2019/jan/04/security-releases/> * Drop 0007-Fixed-29182-Adjusted-SQLite-schema-table-alteration-.patch; applied upstream. (re. #915626) * Move to debhelper-compat virtual package. * debian/control: - Bump debhelper compatibility level to 12. - Bump Standards-Version to 4.3.0. Checksums-Sha1: 13e676cf51c36caa60223db8aa0fdacb6aaffb72 2709 python-django_2.1.5-1.dsc 67297b08e31b9f4562bb6813cc28b897fdcc49a5 8612384 python-django_2.1.5.orig.tar.gz 08f3f761fb37cfabba1cb4e7063629ebfe21a3e3 24432 python-django_2.1.5-1.debian.tar.xz b9a1cfd38de16388ae0ea132da355dc90eaa312a 3043976 python-django-doc_2.1.5-1_all.deb 404834d6a8bf8f2c303d4f6274a6c1eb82ee9d52 7158 python-django_2.1.5-1_amd64.buildinfo 3072eeb8f1db9af7ce915878ac6e1d650c0ff520 2587964 python3-django_2.1.5-1_all.deb Checksums-Sha256: 2cca7817f2639ea7569e55a84f119255145fe8477cb9ecf62c65ccaa576a4b89 2709 python-django_2.1.5-1.dsc d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 8612384 python-django_2.1.5.orig.tar.gz 2c3d1e1d48ace5fdef32a1ddc6c00400ef6a997e4a4c554b20efb6726801ea83 24432 python-django_2.1.5-1.debian.tar.xz 3235f48f5cfaa5ff596d24594811ed8e0927f45b8d48d4c3aa54b3a3f2c954c4 3043976 python-django-doc_2.1.5-1_all.deb 3d3e83ee116c17ebc4313d0b53f628e7c31f79300c1bd739612c7b134b731f7d 7158 python-django_2.1.5-1_amd64.buildinfo 93cc69f6aaaefe0d38fa649335b89572f44375f98f8590e0e5d3a466ccc46faf 2587964 python3-django_2.1.5-1_all.deb Files: 5a75a5f3af3996a526c8100fc3887122 2709 python optional python-django_2.1.5-1.dsc 9309c48c8b92503b8969a7603a97e2a1 8612384 python optional python-django_2.1.5.orig.tar.gz 19ac29cd2948465f86e8b5bbcf308273 24432 python optional python-django_2.1.5-1.debian.tar.xz fe0d73d93c0ad62869eb0b247ae81c8a 3043976 doc optional python-django-doc_2.1.5-1_all.deb bb13c477dc34415fd6b19ba6af4d01fc 7158 python optional python-django_2.1.5-1_amd64.buildinfo a85b32a4e21264fa7dedff6842fa924c 2587964 python optional python3-django_2.1.5-1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwvneYACgkQHpU+J9Qx Hli/og//aIQtqnHpWfMp67DVC1xinFORnpSERkdh4ukcxzTB50cMv3MGQDUw11S7 G8Zl0V3kOo+AyQkgidXQimN+w4H8jliAv3cJRYmFDyTf8Cx5NmjS0s3y82qDU2NM hSIhlYWV0VoqITpVy2pnmYHOJxbO2hlTWT4vNxs605K3Ivw21+voIu4NUhLUNdnp s23iSdjMnnGasYhFhTGMOIFhq0lPDrvRa2FODlv0T+lVBd044g7o/iq2B2SNDaKs VRjxpapo5Det8Zlhmec3QSMJ0Ki2OX7gnhyi1eb43P4qF9cHFA/h4xF3UR7T7xCx Pdz/ULlD+di0QSP57B9Ptn1FUjZTq0wtUeXr+DRPferjahsvp+z9hULjkguMXvMN +CVs6O2ErA1dBKAcnuF301xN4aY0wsvhhphPPxTmGyEJpDwoptWX0+B5+nUMa0fK tjTOq2FalazeLbC6zZ7jU9bmlCcybdUGisv262TUYdH+FNcmMOxEbOyynSlf0BT1 6hqkXvGX+O5sFhHVaEvJYA7H6ZrZqakSZ+2LJzn4TbJykONu/kAmORHQdxCxv+km LkIlvNHNgtZU9Y00riSVHr3BnPcfbjs35MTduXbUFcT2F1I6SFSvpM6O81Aqs9KH /+gi75U9slK/ui2UQkubDqsT7wOH8Mch2MhOwxYB1QEV65QM9K8= =BGdp -----END PGP SIGNATURE-----
--- End Message ---
