Your message dated Tue, 29 Jan 2019 13:02:16 +0000 with message-id <e1got1s-000az4...@fasolo.debian.org> and subject line Bug#918230: fixed in python-django 1:1.10.7-2+deb9u4 has caused the Debian Bug report #918230, regarding python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 918230: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918230 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-django Version: 1:1.11.17-2 Severity: grave Tags: patch security upstream Justification: user security hole Control: found -1 2:2.1.4-2 Hi, The following vulnerability was published for python-django. CVE-2019-3498[0]: Content spoofing possibility in the default 404 page If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-3498 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3498 [1] https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 1:1.10.7-2+deb9u4 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 06 Jan 2019 09:35:11 +0100 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u4 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 918230 Changes: python-django (1:1.10.7-2+deb9u4) stretch-security; urgency=high . * CVE-2019-3498: Prevent a content-spoofing vulnerability in the default 404 page. (Closes: #918230) Checksums-Sha1: 5efaeaca83b3a50a1a7ec625754de098699167e1 2804 python-django_1.10.7-2+deb9u4.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz e01359592fda6efd3190c089c116656e3f757b07 37644 python-django_1.10.7-2+deb9u4.debian.tar.xz fe1b2e76cafe244b60191437c3b0f9f0f0f93e38 1514142 python-django-common_1.10.7-2+deb9u4_all.deb db37122f7bd1f91089d7aa2a873f39e870a98660 2535672 python-django-doc_1.10.7-2+deb9u4_all.deb bffd8fe13bb80f0f531bec564ef0caf864a84334 903582 python-django_1.10.7-2+deb9u4_all.deb 95eaf30ff4a2879349d0dc0105587a6f0ac29a96 9306 python-django_1.10.7-2+deb9u4_amd64.buildinfo ebd316e1b60275c3718ee034b2779070d5f9d5f0 885312 python3-django_1.10.7-2+deb9u4_all.deb Checksums-Sha256: 5580bf9ca6d79a6adde05a8b5d302ef92ca8cc5d58f32234de5fa53d2a0be73d 2804 python-django_1.10.7-2+deb9u4.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz 88e3bf0c7f30c6fcbee6269b107cfa23e23f799d747dab2900ec8886e0606fac 37644 python-django_1.10.7-2+deb9u4.debian.tar.xz 30867f974673e8476e0be00a385642b789bf556a2aa2a3784f2928f8fc90f73c 1514142 python-django-common_1.10.7-2+deb9u4_all.deb 89d8e2891242665c410bfcc9a9d7bbcecb82173cccd831244dc14527deac9041 2535672 python-django-doc_1.10.7-2+deb9u4_all.deb ce7fb9dc817ffb285193f5f9b5eaffb20a5a4bb55f2e0eb5bc0d803604f2720c 903582 python-django_1.10.7-2+deb9u4_all.deb 1952f40cdbcf336562d88dd908a672a70aa0dd2728e506dc61544f5df4aac81a 9306 python-django_1.10.7-2+deb9u4_amd64.buildinfo d45a6993b629ee6a098407058b3e52b4a2715ae0abc276af6ddefadb55975c97 885312 python3-django_1.10.7-2+deb9u4_all.deb Files: d92baefb611435ceb37f9d868c863cc2 2804 python optional python-django_1.10.7-2+deb9u4.dsc 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz b92973c03f17d3b9ed1bba70edf07cab 37644 python optional python-django_1.10.7-2+deb9u4.debian.tar.xz e850ff2d5f0a0a5d8a136616c1e3a3fa 1514142 python optional python-django-common_1.10.7-2+deb9u4_all.deb a7560502fc611e5c9c1aaa7fa92d0511 2535672 doc optional python-django-doc_1.10.7-2+deb9u4_all.deb 47ca744e66278d9dc38748c28557f91c 903582 python optional python-django_1.10.7-2+deb9u4_all.deb 66a2210dbe3d96c9992394c4384c2fea 9306 python optional python-django_1.10.7-2+deb9u4_amd64.buildinfo d569435e9bab9af9d8f9f0ae669c9eeb 885312 python optional python3-django_1.10.7-2+deb9u4_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwyNzIACgkQHpU+J9Qx HlgEaxAAs9Kim/P8eP9gvfVSN5Y0wNd++lQGzi/A0ml3wBd/lhkKt9jAuo1f7L6w 0YyrAW6OsqBtTwxFONVACuxouE+XO7lS/347JekwcNHTDCAbTBYRtXsK44xYvnkK Z9flEHXaw5TDy/ZbkhQRr+yXGskMe4p1xS2OWVwqpjJy1Xf1lwpRl6t1u0Fckz+N ZlFIyfqj98Rpkkzy8vvB3RFsrOfMe6PnmiOIQm1xSJ0Raaa2EbdaYDtiCXjJgb4t p8FZDUDzlz80cp2tM/nTCZTkgwHY5WZWNFBQVSF+DDxnRUUuyNrLJwenTcjujWFy acqG9svytSH6h4Nc/t9mba9GKCZRSjR3S/iFKZumEDyBlm1/ABUmlfWsZM7v0tjN pCF77BQLrwJwr3qPBo4QaT5Gz/u/ztr84rjQ6IJPIHI9FEOvV1BeiTtsoBXoAnl3 3p4bb43OZFNhuUVR3mJ6caWABPXBFmfgzev78+U08ehAD9FiGspCo9mQr2eiUvid oN9TX+oYkOelMkVmpWC2gird2wphJMXUzELSwe7DkzwvCq/oF5QZDcLOARbOg+oQ stxQLcxIDYWRUHx8uk784s/a2tNbh1nzNs52GWmTppnXOlXR1ZSJrrQhKD8n2WsL YQ6pfoSSN7CdTQ2rUq4be6YjpoLWVPQ8At5kAeuxsN3nKZAtiX8= =gh65 -----END PGP SIGNATURE-----
--- End Message ---
