Re: [Python-modules-team] squeeze update of python-django?

To: Ben Hutchings <benh@debian.org>, Raphaël Hertzog <hertzog@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: [Python-modules-team] squeeze update of python-django?
From: Brian May <bam@debian.org>
Date: Wed, 25 Nov 2015 14:55:19 +1100
Message-id: <[🔎] 87y4dmlom0.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 1448402754.27159.10.camel@debian.org>
References: <[🔎] 1448402754.27159.10.camel@debian.org>

I CCed Raphaël Hertzog <hertzog@debian.org> as he may have missed the
original email to <python-modules-team@lists.alioth.debian.org>, which
is normally for automatic messages only.



I think our priorities need to be with the unstable version (which also
has a grave bug), and then the stable version.

In the meantime however, here is a patch to the change in the 1.7.x
version:

https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172

The patch doesn't apply cleanly to 1.2.x in squeeze, however it looks
like it should be relatively simple to apply manually...

Think only the changes to django/utils/formats.py will be required.



Ben Hutchings <benh@debian.org> writes:

> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of python-django:
> https://security-tracker.debian.org/tracker/CVE-2015-8213
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> Thank you very much.
>
> Ben Hutchings,
>   on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
>
> -- 
> Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
>
>
> _______________________________________________
> Python-modules-team mailing list
> Python-modules-team@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: [Python-modules-team] squeeze update of python-django?
  - From: Ben Hutchings <benh@debian.org>

References:
- squeeze update of python-django?
  - From: Ben Hutchings <benh@debian.org>

Prev by Date: Re: Please test eglibc 2.11.3-4+deb6u8
Next by Date: Re: Using the same nss in all suites
Previous by thread: squeeze update of python-django?
Next by thread: Re: [Python-modules-team] squeeze update of python-django?
Index(es):
- Date
- Thread