Hi,

On Tue, Aug 09, 2016 at 06:38:46PM +1000, Brian May wrote:
> Package : python-django
> Version : 1.4.22-1
>
> The release team recently approved rebasing jessie on latest
> python-django 1.7.x (see #807654). For similar reasons, it makes sense
> to rebase wheezy on latest 1.4.x, especially since 1.4.x is an LTS
> version.
>
> Django 1.4.22-1 has been uploaded to wheezy-security to address this.

to address what exactly? #807654 is a long bug explaining the django-python release process, but not really why an update was done. https://www.debian.org/security/2016/dsa-3622 says django-python 1.7 is prone to a cross-site scripting vulnerability in the admin's add/change related popup - is this the issue this DLA is addressing?

IMO a DLA should always explain why an update was done, at least very briefly. More pointers are good, but just a numeric pointer alone is a bit too little.

(And, unrelated, the stable update had a +deb8u5 version, I think a +deb7uX version would have been appropriate here as well.)

--
cheers,
Holger