[SECURITY] [DLA 2233-2] python-django regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : python-django
Version : 1.7.11-1+deb8u10
CVE ID : CVE-2020-13254
It was discovered that there was a regression in the latest update to
Django, the Python web development framework. The upstream fix for
CVE-2020-13254 to address data leakages via malformed memcached keys
could, in some situations, cause a traceback.
Please see <https://code.djangoproject.com/ticket/31654> for more
information.
For Debian 8 "Jessie", this issue has been fixed in python-django version
1.7.11-1+deb8u10.
We recommend that you upgrade your python-django packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7jWr4ACgkQHpU+J9Qx
HlhGtxAAlSy1EDqFKrrdUK52oMhs3yokzn+6t5wm3y+Rx0usp1y6d17tI/16KfOr
TYDo8vO0FERwp4reCjuCffHYS0/NMNfwyvoXVnWUavpus5Sci2ZJsj3cUGhGsvRF
wcvKezYCYOwjqBm28WIt4fBM4eRLJ5h6H1b7UvwyPIH/8LIZ0LwE9suRrJu63tf/
5ellaN13XfPTU8Ems/HAyvmEVEaWgi0XshhHGgW7VYPwf/GuRHM9ykZnypAc3uz/
EEPK0nAvDjTuuwpKjFqeub7UyWnuf1REfCOjQZTjOpBVG5RJgnprT5jOxcnYIy1R
cvuM/SKPReR8ESwrEMqwIcZw9iEuyg9bC3Et2GjrRImEp9hHhEROcnGzuzSaqqvX
1kz+yAAkoO8VxHDXCRSpPA3fEC9CUvHO6ffbmFjhx1P01xfL/nYhfgkk3lX4WaEi
tRytHuIH6StNvGhnnVX5DKriYdotCTSFJqj6a5LNVnuf+lvEBVgtu+LSdyOlNTIF
W9Ei4la/J6t01jN21M+MsLrAi59A3wuGWwkmANJTy17Npud821e5c02KkhILf1FQ
si3MZOP3CrEeKPys8c06Irj60URWSnmX9QJa+WVk4Afu027yL09eAQba27zy8UTp
IMCM0TpHfP1gUeLns9jEY4Rv5jwhf05X6mGfiKKpkrYGg+RRL9k=
=GAWP
-----END PGP SIGNATURE-----
Reply to: