Bug#946011: python-django: CVE-2019-19118

Hi Chris, On Tue, Dec 03, 2019 at 09:25:42PM +0100, Chris Lamb wrote: > Dear Salvatore, > > > > Security team, would you like an upload for stable? > > > > As far I can see this issue has been introduced around 2.1 where the > > search support for view permissions and a read-only admin support w

Bug#946011: python-django: CVE-2019-19118

Dear Salvatore, > > Security team, would you like an upload for stable? > > As far I can see this issue has been introduced around 2.1 where the > search support for view permissions and a read-only admin support was > added. […] Upon further inspection that is my reading too. I was being overl

Bug#946011: python-django: CVE-2019-19118

Hi Chris, On Mon, Dec 02, 2019 at 09:30:49PM +0100, Chris Lamb wrote: > Chris Lamb wrote: > > > Package: python-django > > Version: 1.7.11-1+deb8u7 > […] > > CVE-2019-19118[0]: > > | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model > > | editing. A Django model admin displayi

Bug#946011: python-django: CVE-2019-19118

Chris Lamb wrote: > Package: python-django > Version: 1.7.11-1+deb8u7 […] > CVE-2019-19118[0]: > | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model > | editing. A Django model admin displaying inline related models, where > | the user has view-only permissions to a parent mode

Bug#946011: python-django: CVE-2019-19118

Package: python-django Version: 1.7.11-1+deb8u7 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for python-django. CVE-2019-19118[0]: | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model | editing. A Django mo