Your message dated Tue, 05 Sep 2017 21:35:29 +0000 with message-id <e1dplvj-000d9j...@fasolo.debian.org> and subject line Bug#874415: fixed in python-django 1:1.11.5-1 has caused the Debian Bug report #874415, regarding python-django: CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 874415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874415 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: python-django Version: 1:1.10.7-1 Severity: normal Tags: security upstream Hi, the following vulnerability was published for python-django. CVE-2017-12794[0]: Possible XSS in traceback section of technical 500 debug page If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-12794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794 [1] https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 1:1.11.5-1 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 874...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Chris Lamb <la...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 05 Sep 2017 21:39:37 +0100 Source: python-django Binary: python-django python-django-common python-django-doc python3-django Built-For-Profiles: nocheck Architecture: source all Version: 1:1.11.5-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: Chris Lamb <la...@debian.org> Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 874415 Changes: python-django (1:1.11.5-1) unstable; urgency=medium . * CVE-2017-12794: New upstream security release. (Closes: #874415) <https://docs.djangoproject.com/en/dev/releases/1.11.5/> Checksums-Sha1: b8651d8fd590730ccf84c4e72e486bdeeb1432ad 3176 python-django_1.11.5-1.dsc c16f8090c2251ff03e041afda77264474777a2d7 7875054 python-django_1.11.5.orig.tar.gz 842ad8b7104651a4bd000666235ffe76f7d5ece9 22500 python-django_1.11.5-1.debian.tar.xz 020c715af54ba043bc9aa8c753de838e426214a5 1543488 python-django-common_1.11.5-1_all.deb e9be1934d6dda555b3ae346adc3f4c6a25ff407c 2599474 python-django-doc_1.11.5-1_all.deb e133cca501bd94d849486c9ebacdad0528e0bbe5 914496 python-django_1.11.5-1_all.deb 94d82ebb7670698e9ab43c8f6da438a511783b11 8140 python-django_1.11.5-1_amd64.buildinfo 50f06b78f42336acabee882f9d74db0ba2b90029 914744 python3-django_1.11.5-1_all.deb Checksums-Sha256: bf175fa4de2e82f28de9322fe7d2e78039975d9442ab001b6526f4625c4b99e0 3176 python-django_1.11.5-1.dsc 1836878162dfdf865492bacfdff0321e4ee8f1e7d51d93192546000b54982b29 7875054 python-django_1.11.5.orig.tar.gz 2ffbbdb2dd89eda851c8c10bb8c2cf9ef06425b8be84eb6cf7b6da0083b9b3fb 22500 python-django_1.11.5-1.debian.tar.xz 32d6d60ff82849e68280439369c00b7cfa8983b9e7a3805f2557aeb3bbd917f3 1543488 python-django-common_1.11.5-1_all.deb 95d5cee710152f6a6426ae1d10eea35da2c6d5cbc1831f9fee15add5c78bd39a 2599474 python-django-doc_1.11.5-1_all.deb e5ca9c2575f567ad16ba2c58f5ce2c2331e394c19d0c184de03aa796c25ad4df 914496 python-django_1.11.5-1_all.deb c7d316d1d59a42249bc2c2d8a4c689b85bba0673fe892273acee833cfb5f939e 8140 python-django_1.11.5-1_amd64.buildinfo 2ff5f5207d500eedec84987acbe787ba4c57002d991af705f3688246a30db7a4 914744 python3-django_1.11.5-1_all.deb Files: 1f339de8f6a46f5f7730e9dc95e176c8 3176 python optional python-django_1.11.5-1.dsc 8cef0d42aabacbc414ec4fbbb6056f3c 7875054 python optional python-django_1.11.5.orig.tar.gz f2a5a6382f728f367be2059151bffb32 22500 python optional python-django_1.11.5-1.debian.tar.xz e9ecfe84a4f1b8f682d2c7b0f13b560b 1543488 python optional python-django-common_1.11.5-1_all.deb ad13a776f3ea18bf56c55145ddeb4eab 2599474 doc optional python-django-doc_1.11.5-1_all.deb 1174fd86c4c98cb29ecf056716eaa54c 914496 python optional python-django_1.11.5-1_all.deb 8cb6da7142363a896f0f8055d64c0444 8140 python optional python-django_1.11.5-1_amd64.buildinfo 9a9c43bc830b1e2fb94e98e76df4e017 914744 python optional python3-django_1.11.5-1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmvDnIACgkQHpU+J9Qx Hlj6Mg/9H4EsT8Va2It1uw0nS1wuvNcXCBK21s9Cp74p6sdPz6JpcGKENsnek995 zy3rNh2gTGu4LfhzonbVmndSpA1Okc6bE7hDhTLQj2asxDDG2ko/+gfyHFCgpgHI Urp5zwBoEYIUHwPDxwcFUuI/CQryY46Q9qHwGakcZl8Yk/+hxMAiNfATuNX1QHl1 0Asb0pR6V8Xe0TY5F8xJPUi6ny3Wzyij2EPY0FofiXBXYjuQOG2WaYEBH2WEtJE6 gSnIkOiyr1xFxo5st+nqufsagQgE3sDe11xQTG0G/SfXIpx+nzzcixTMEs5/prZP onSVaSfb0Y3KDPyu+Jkt63l2/5oQSxUMHkb3NBjv0s4nBmKwtfRZ6NF5ivG8Nzpa pkebbL3bI77IIhA/6deOhJa37xROsFvM/rDKYjE5hTZbdj4hkDBXaQsMIhRkoxck OQC2KHo5mNt1xQCa3ir8bkHPPGFkCqVdeMOufDXhJq3zIxHp9hTduHJwaQg3EJH9 VQbEhOQGW+6UpFA7ghwsCC05rSD+bNebhcQCwjKrcdEGWG3D0DMzd5N5qAx66ogf WnGPFxijThxjkQ3V3y945F5VtXmqOK6ZYfH9BF3H6CK3hWOTatXwdWRpMlPmoIHb dSi99znebKxAkoBSk/jESLl2wzclrduJjo/1fnKaEnruNCJuCX0= =bm5g -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
