Re: DLA 1842-1: use of wrong CVE?

To: "Martin Waleczek" <waleczek@dfn-cert.de>
Cc: debian-lts@lists.debian.org
Subject: Re: DLA 1842-1: use of wrong CVE?
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 02 Jul 2019 09:30:18 -0300
Message-id: <[🔎] efa748e4-1255-46b0-a952-af65788e2bb4@www.fastmail.com>
In-reply-to: <3de33d18-d438-25ae-b1da-4d6af6bdd81c@dfn-cert.de>
References: <3de33d18-d438-25ae-b1da-4d6af6bdd81c@dfn-cert.de>

[Adding debian-lts@lists.debian.org to CC]

Hi Martin,

> from the vulnerability description in DLA 1842-1 I assume that the
> CVE-ID mentioned is not correct. Should be the new CVE-2019-12781 from
> 
> > https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
> 
> instead of CVE-2019-12308.

Well spotted. This is "merely" cosmetic however; we are recording this
correctly internally in our database.

  https://salsa.debian.org/security-tracker-team/security-tracker/commit/b4936c3ee5cf778da8ab0879dc0807bb592654e6

I've opened a pull request to update the website here:

  https://salsa.debian.org/webmaster-team/webwml/merge_requests/169


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: DLA 1842-1: use of wrong CVE?
  - From: Martin Waleczek <waleczek@dfn-cert.de>

Prev by Date: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
Next by Date: Re: DLA 1842-1: use of wrong CVE?
Previous by thread: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity
Next by thread: Re: DLA 1842-1: use of wrong CVE?
Index(es):
- Date
- Thread