Your message dated Tue, 05 Jan 2021 23:20:17 +0000
with message-id <[email protected]>
and subject line Bug#979376: fixed in python-django-channels 3.0.3-1
has caused the Debian Bug report #979376,
regarding CVE-2020-35681: potential leakage of session identifiers using legacy 
AsgiHandler
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
979376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-django-channels
Version: 3.0.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for python-django-channels.

CVE-2020-35681[0]:
| Potential leakage of session identifiers using legacy AsgiHandler

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-35681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35681
[1] https://channels.readthedocs.io/en/latest/releases/3.0.3.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: python-django-channels
Source-Version: 3.0.3-1
Done: Michael Fladischer <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-django-channels, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Fladischer <[email protected]> (supplier of updated 
python-django-channels package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jan 2021 23:58:27 +0100
Source: python-django-channels
Architecture: source
Version: 3.0.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Team <[email protected]>
Changed-By: Michael Fladischer <[email protected]>
Closes: 979376
Changes:
 python-django-channels (3.0.3-1) unstable; urgency=low
 .
   * New upstream release to fix CVE-2020-35681 (Closes: #979376).
   * Add python3-pytest-asyncio to Build-Depends, required by tests.
   * Enable upstream testsuite for autopkgtests.


--- End Message ---
