Your message dated Tue, 04 May 2021 12:18:30 +0000 with message-id <e1ldu0u-0001oq...@fasolo.debian.org> and subject line Bug#988053: fixed in python-django 2:3.2.1-1 has caused the Debian Bug report #988053, regarding python-django: CVE-2021-31542 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 988053: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988053 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1:1.10.7-2+deb9u12 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2021-31542[0][1]: Potential directory-traversal via uploaded files If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31542 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31542 [1] https://www.djangoproject.com/weblog/2021/may/04/security-releases/ Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 2:3.2.1-1 Done: Chris Lamb <la...@debian.org> We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 04 May 2021 12:59:07 +0100 Source: python-django Built-For-Profiles: nocheck Architecture: source Version: 2:3.2.1-1 Distribution: experimental Urgency: medium Maintainer: Debian Python Team <team+pyt...@tracker.debian.org> Changed-By: Chris Lamb <la...@debian.org> Closes: 988053 Changes: python-django (2:3.2.1-1) experimental; urgency=medium . * New upstream security release: - CVE-2021-31542: Potential directory-traversal via uploaded files. (Closes: #988053) - Full release notes: <https://www.djangoproject.com/weblog/2021/may/04/security-releases/> * Refresh patches. Checksums-Sha1: 4e9aceb3f35ba90ca8d72d0b54089a23929e2c76 2779 python-django_3.2.1-1.dsc cd6f18967e13a6e67dbee4713116aab9cb348865 9820723 python-django_3.2.1.orig.tar.gz 6b5fc693f86fa6dd63c320af54bfa4b7da5c1cb9 26504 python-django_3.2.1-1.debian.tar.xz 895958e9df418436ba1198f50e7e52ec90760185 7560 python-django_3.2.1-1_amd64.buildinfo Checksums-Sha256: 76d9149f9586360d67561e5cd18460d60f6417b3949b10e712e4b0d308d294ea 2779 python-django_3.2.1-1.dsc 95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd 9820723 python-django_3.2.1.orig.tar.gz e7de92163a5dfe7abf81c3de80d59f8effa5455ebbfda16d995a764d717791e8 26504 python-django_3.2.1-1.debian.tar.xz a58113abb78c7bddf49aac771dd582b624741279064c398af43a24799bb5d7ad 7560 python-django_3.2.1-1_amd64.buildinfo Files: 5fb051d40043053c780a3234d4eed0d1 2779 python optional python-django_3.2.1-1.dsc 0ded0d3408c38f4a5cff2128f5a9c4ba 9820723 python optional python-django_3.2.1.orig.tar.gz 4e9b49570166af2a2cd26a1460e28b7b 26504 python optional python-django_3.2.1-1.debian.tar.xz 22059cd19d6dfd1deb6653f4cebb004a 7560 python optional python-django_3.2.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmCROA8ACgkQHpU+J9Qx HljunBAAo068DdgwR+39OCN2B5im9KSSwPz4T5nzQEfHaxVDW5o3kNsjQdE8qhiL jF4+AyJkx6NKJQoSoYBIS1pN6NIxM8znhYXTdzobGaCKLLL8/Ja/cQuy5GqMDiNf C7U+KqDL5IA13vBZln1VuO66pNvUkVLSZYQz1K+ki8wDOPha9HUOWmXN+j349RgX jKcNmlAVwZufkTDaDAezExdQbv8bloP+i3/4zOZ2nU13og+/p9Z+dEaAvCQ/gC/p OXxhceQzTYG2pBDWXsvZ+Q1Fqn09hizaBDWOiIfbn6dBdLetNLDJPGncNC7NafYL 3EYob/dmS6+7C+najdCNdGL4g8XT6CVvQ+4jKhO3RISDpU9Agfy37xI32Lvs0qdf Z6CoTOmEYPQ9kQnnOHxnlby0QigiSczUlphW99ueU9Y3Rj2hZkrwICeD1NdMM9e+ 5rkjell4T2xHlhpsk4dyWLUvBmCLGSL2pAT7oYlrV5rbyyc0kkCNpfwNJQOCVtKW IN0k6VmYNuPesWfjNy8rfUG+aom5Up7POuHSA9GTH6x877KsjurLtH0ZzKndNZ65 lp5wJVdU8TXsVXBKSV4uBLHN0Ck9QfJm4TJw7bkLowrCg09UuDl0MviOYDKv1VrS os1vV/P/iyPFV1kErGSZ0pWz9VJ2SlHD1uzKo6qyOAEsjHMOUoU= =keAL -----END PGP SIGNATURE-----
--- End Message ---
