Your message dated Mon, 01 Feb 2021 12:18:55 +0000
with message-id <e1l6yar-0004gb...@fasolo.debian.org>
and subject line Bug#981562: fixed in python-django 2:2.2.18-1
has caused the Debian Bug report #981562,
regarding python-django: CVE-2021-3281
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
981562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981562
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Version: 1.7.11-1+deb8u10
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-django:

CVE-2021-3281[0]

   https://www.djangoproject.com/weblog/2021/feb/01/security-releases/

At first glance, all of jessie, stretch, buster, bullseye, sid and
experimental are vulnerable.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3281
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3281


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 2:2.2.18-1
Done: Chris Lamb <la...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 981...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 01 Feb 2021 11:59:58 +0000
Source: python-django
Built-For-Profiles: nocheck
Architecture: source
Version: 2:2.2.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Closes: 981562
Changes:
 python-django (2:2.2.18-1) unstable; urgency=medium
 .
   * New upstream security release:
 .
     - CVE-2021-3281: Potential directory-traversal via archive.extract().
 .
       The django.utils.archive.extract() function, used by startapp --template
       and startproject --template, allowed directory-traversal via an archive
       with absolute paths or relative paths with dot segments.
       (Closes: #981562)
 .
     <https://www.djangoproject.com/weblog/2021/feb/01/security-releases/>
 .
   * Drop 0006-Fixed-31850-Fixed-BasicExtractorTests.test_extractio.patch;
     applied upstream.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
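
The changelog entry above attributes CVE-2021-3281 to archive members with absolute paths or relative paths with dot segments. As an added illustration (not Django's or Debian's code), this check resolves each member name against the destination before anything is written; the function names, the destination directory and the sample member names are constructed for the example.

```python
import io
import os
import tarfile


def resolve_member(dest_dir, member_name):
    """Return the absolute target path, or raise ValueError if it leaves dest_dir."""
    root = os.path.abspath(dest_dir)
    # os.path.join drops root when member_name is absolute, and abspath
    # collapses ".." segments, so both traversal forms surface here.
    target = os.path.abspath(os.path.join(root, member_name))
    # commonpath compares whole components, so "<root>-evil" is not mistaken for root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("archive member escapes destination: %r" % member_name)
    return target


def build_sample_tar(names):
    """Build an in-memory tar whose members carry the given (constructed) names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def audit_archive(fileobj, dest_dir):
    """Split member names into (safe, rejected) without writing any file."""
    safe, rejected = [], []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar.getmembers():
            try:
                resolve_member(dest_dir, member.name)
                safe.append(member.name)
            except ValueError:
                rejected.append(member.name)
    return safe, rejected


# Constructed member names: two benign, four that would land outside the destination.
SAMPLE_NAMES = [
    "app/models.py", "app/./views.py", "../escape.txt",
    "/etc/abs.txt", "app/../../up.txt", "../template-dest-evil/x.py",
]
```

This covers only the name-based cases the changelog lists; symlink and hard-link members need their own check.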