Your message dated Wed, 18 Dec 2019 15:35:22 +0000 with message-id <e1ihbma-000aof...@fasolo.debian.org> and subject line Bug#946937: fixed in python-django 2:2.2.9-1 has caused the Debian Bug report #946937, regarding python-django: CVE-2019-19844: Potential account hijack via password reset form to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 946937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946937 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.10.7-2+deb9u6 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2019-19844[0][1]: Potential account hijack via password reset form If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-19844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844 [1] https://www.djangoproject.com/weblog/2019/dec/18/security-releases/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 2:2.2.9-1 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 946...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 18 Dec 2019 12:28:31 +0000 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 2:2.2.9-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 946937 Changes: python-django (2:2.2.9-1) unstable; urgency=medium . * New upstream security release. (Closes: #946937) <https://www.djangoproject.com/weblog/2019/dec/18/security-releases/> Checksums-Sha1: 2084436cb89a6308542d79e3dd743e101c2b3310 2741 python-django_2.2.9-1.dsc c5a1c4bec360b4e98e839fcf6088b8eb1599c1ed 9006404 python-django_2.2.9.orig.tar.gz 64c4677535831cdd2b0ba9b97a1415118e2c9a89 25800 python-django_2.2.9-1.debian.tar.xz 749e9bbf524c66eafa74226258d8e6cba98c8250 7476 python-django_2.2.9-1_amd64.buildinfo Checksums-Sha256: fe4053d8df0f10adfd0833991a0f20dcd17505431ee5ae020db24c30021a0486 2741 python-django_2.2.9-1.dsc 662a1ff78792e3fd77f16f71b1f31149489434de4b62a74895bd5d6534e635a5 9006404 python-django_2.2.9.orig.tar.gz 761abd8542aed52fa2ad85a4256a0e0575c372c4a440e1ac5ca5ee256081d40c 25800 python-django_2.2.9-1.debian.tar.xz e431652344d7a71a409ec529ec70465a7ca4c35f7b1398bb3e7a45d99902c7d8 7476 python-django_2.2.9-1_amd64.buildinfo Files: e316ee8fbfbee1d45a3400b94e002e4f 2741 python optional python-django_2.2.9-1.dsc a9a6555d166196e502b69715341f7ad4 9006404 python optional python-django_2.2.9.orig.tar.gz 9369e6ad7de0337af046e96e406819dc 25800 python optional python-django_2.2.9-1.debian.tar.xz 683d26ecc2d3d2a890ffc651d17f68b7 7476 python optional python-django_2.2.9-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl36RM0ACgkQHpU+J9Qx HlgRiA/5AecoBqPZDjg5CQMqE+NZmnswAmJWK5INLCeGkzKTSnu/XW3NqjpHEHD0 zzmMxkeXEoq0npVWS+tw1dlEbXzS8CojTcnGoTpDMJNhbXng2H4Td+DfM9ljgHW/ GdRdaCByd1ipIiou5t/L1FMGSbpem69xgvBdb8Mx7xqDlx+SB/+IWpD0kw/CMIIf gxtPmksPPEguNu5UAh+5enSh8XQ/DPiWUy8Q3cGK+Wqyngc1jORqb4U0ptTQWmvs U7EHynwnOHmLYoot2q21NtWfcdHok3+moGqPd4OGljp9K5nwKFL62p+TbN9q8G/n 4vfeo9tjkRrNAKs4aQRRcSO2mVVvm7QYyC/IN6FREJH0VqY+sMKPlB/d3eGGeC90 14h9xDtb1EDwwAcTYgV7okcyygvlL8yEhRqfxOX9HSrQTq7gaf93yKeVUAXNWifm ngF93NgXeT2pWpK35Jc0Sh6GDyXpLEBUWNxcA4Pyi0Gcjb9PhY4HG+ly5g6n41Lf WWNKZTL2srvLsO+TzLKcBM/70u6qxtT6uUwB3DfFQw7SryHaF+wFe7wGivB8Ks9E dYIWLbeOknG8/G7EURLHtLtnTLujlE7I57y9vFOohuEzSuH9NKkaWf+TaNLyd70K sZM8lC36KslKJ0qhNZVhMgg2boGbS8psp/P0c/rdI7kL8NPlQj0= =+uYM -----END PGP SIGNATURE-----
--- End Message ---
