Hi,
On Tue, 09 Aug 2016, Holger Levsen wrote:
> so I need to read the upstream changelog between 1.4.5 and 1.4.22 to
> find out why?
This update does fix bugs but not security bugs that would have warranted
a DLA on their own... it's just easier for us to work on the latest 1.4.x
release and make
On Tuesday, 9 August 2016 4:39, Brian May wrote:
Package : python-django
Version : 1.4.22-1
The release team recently approved rebasing jessie on latest
python-django 1.7.x (see #807654). For similar reasons,
On Tue, Aug 09, 2016 at 08:57:24PM +1000, Brian May wrote:
> > ah, CVE-2016-6186! :-) That "magic string" should have been part of your
> > announcement and of course that's very easy to say now.
> ... except CVE-2016-6186 had already been fixed by DLA 555-1 for Django
> version 1.4.5-1+deb7u17 - so
Holger Levsen writes:
> ah, CVE-2016-6186! :-) That "magic string" should have been part of your
> announcement and of course that's very easy to say now.
... except CVE-2016-6186 had already been fixed by DLA 555-1 for Django
version 1.4.5-1+deb7u17 - so it seemed pointless referring to a CVE th
Hi Brian,
(replying to your two mails in one.)
On Tue, Aug 09, 2016 at 08:18:53PM +1000, Brian May wrote:
> No, the upload did not include any new vulnerabilities that I know
> of. Otherwise I would have listed them.
>
> See https://lists.debian.org/debian-lts/2016/07/msg00069.html for the
> reas
Holger Levsen writes:
> https://www.debian.org/security/2016/dsa-3622 says django-python 1.7 is
> prone to a cross-site scripting vulnerability in the admin's add/change
> related popup - is this the issue this DLA is addressing?
No, the upload did not include any new vulnerabilities that I know
Holger Levsen writes:
> IMO a DLA should always explain why an update was done, at least
> very briefly. More pointers are good, but just a numeric pointer alone
> is a bit too little.
I asked for help here on the wording of the DLA, but got none. So I had
to make do with the best I could come u
Hi,
On Tue, Aug 09, 2016 at 06:38:46PM +1000, Brian May wrote:
> Package: python-django
> Version: 1.4.22-1
>
> The release team recently approved rebasing jessie on latest
> python-django 1.7.x (see #807654). For similar reasons, it makes sense
> to rebase wheezy on latest 1.4.x