Bug#922027: python-django: Django security release

2019-02-14 Thread Moritz Mühlenhoff
On Mon, Feb 11, 2019 at 03:07:36PM +0100, Chris Lamb wrote: > [Adding t...@security.debian.org to CC] > > Chris Lamb wrote: > > > retitle 922027 CVE-2019-6975: Memory exhaustion in > > django.utils.numberformat.format() > > severity 922027 grave > > found 922027 1:1.10.7-2+deb9u3 > > tags 922027

Bug#922027: python-django: Django security release

2019-02-14 Thread Chris Lamb
Hi Moritz, > > Security team, may I upload this to stretch-security? Diff attached. > > This doesn't warrant a DSA, let's postpone this until more severe comes up. Noted. Can you update data/CVE/list? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chr

Bug#922027: python-django: Django security release

2019-02-13 Thread Chris Lamb
Chris Lamb wrote: > [Adding t...@security.debian.org to CC] > > > retitle 922027 CVE-2019-6975: Memory exhaustion in > > django.utils.numberformat.format() > > severity 922027 grave > > found 922027 1:1.10.7-2+deb9u3 > > tags 922027 + security > > thanks > > Security team, may I upload this to

Bug#922027: python-django: Django security release

2019-02-11 Thread Chris Lamb
[Adding t...@security.debian.org to CC] Chris Lamb wrote: > retitle 922027 CVE-2019-6975: Memory exhaustion in > django.utils.numberformat.format() > severity 922027 grave > found 922027 1:1.10.7-2+deb9u3 > tags 922027 + security > thanks Security team, may I upload this to stretch-security? Di

Bug#922027: python-django: Django security release

2019-02-11 Thread Chris Lamb
retitle 922027 CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() severity 922027 grave found 922027 1:1.10.7-2+deb9u3 tags 922027 + security thanks Hi, Noted that upstream might re-release. Will hold off for the time being: https://code.djangoproject.com/ticket/30175#comm

Bug#922027: python-django: Django security release

2019-02-11 Thread Herbert Fortes
On Mon, 11 Feb 2019 10:15:54 -0200 Herbert Fortes wrote: > Package: python-django > Version: Django 2.2, 1.11 > Severity: normal > > > CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() > > If django.utils.numberformat.format() -- used by contrib.admin as well as the > the fl

Bug#922027: python-django: Django security release

2019-02-11 Thread Herbert Fortes
Package: python-django Version: Django 2.2, 1.11 Severity: normal CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() -- used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters -- received a D