Your message dated Thu, 15 May 2014 22:11:55 +0200
with message-id <[email protected]>
and subject line Re: Bug#748208: python-django: Upstream security fix not in
Debian package ?
has caused the Debian Bug report #748208,
regarding python-django: Upstream security fix not in Debian package ?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
748208: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748208
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-django
Version: 1.4.5-1+deb7u4
Severity: important
Dear Maintainer,
There has been some security fixes by upstream Django, like
https://www.djangoproject.com/weblog/2014/apr/21/security/
which is a few week old, and yet I don't see any DSA nor
patched version in the Debian archive.
Is the Debian version unaffeted ? Or else, could you make
a new release including the latest security fixes ?
Thanks for your work on packaging Django to Debian.
Regards,
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=fr_FR.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages python-django depends on:
ii python 2.7.3-4
Versions of packages python-django recommends:
ii libjs-jquery 1.7.2+dfsg-1
Versions of packages python-django suggests:
pn geoip-database-contrib <none>
pn gettext <none>
pn python-flup <none>
pn python-mysqldb <none>
pn python-psycopg <none>
ii python-psycopg2 2.4.5-1
pn python-sqlite <none>
ii python-yaml 3.10-4
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.4.5-1+deb7u7
On Thu, 15 May 2014, Gael Le Mignot wrote:
> There has been some security fixes by upstream Django, like
> https://www.djangoproject.com/weblog/2014/apr/21/security/
> which is a few week old, and yet I don't see any DSA nor
> patched version in the Debian archive.
>
> Is the Debian version unaffeted ? Or else, could you make
> a new release including the latest security fixes ?
We're definitely affected, an update was prepared but the security team
never released the update. Another set of security fixes came out this
week and I just prepared 1.4.5-1+deb7u7 which got uploaded earlier today.
I hope someone from the security team will process it shortly.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
