[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1079454: bookworm-pu: package python-django/3:3.2.19-1+deb12u2

Hey Paul!

Apologies for the delayed response - busy weekend here...

On Sun, Aug 25, 2024 at 09:38:47AM +0200, Paul Gevers wrote:
>Hi Steve and python-django-storages maintainers,
>
>On 23-08-2024 13:24, Steve McIntyre wrote:
>> I've backported a lump of upstream CVE fixes for django to the version
>> in bookworm. Chris Lamb has reviewed and approved the changes as one
>> of the existing maintainers.
>> 
>> The standard test suite all passes as expected.
>
>But the autopkgtest of python-django-storages fails [1]. This *appears* to me
>as a test problem we can accept, but maybe you or the python-django-storages
>maintainers can confirm?

That does very much look like a test with broken assumptions, I'll be
honest. Ah, I see...

I can see that Josh Schneier (the upstream for django-storages) is the
person responsible for the CVE against django in the first place - he
spotted the issue and reported it. In

  https://github.com/jschneier/django-storages/commit/330966293a74f2dabda18fa2e4a221952bf010a9

there's a fix on his side to cope with the django change. It looks
like we'll want that change backporting into python-django-storages. I
can try to do that too if you like, but I appreciate we're getting
very tight on time before the weekend. :-/

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"War does not determine who is right - only who is left."
   -- Bertrand Russell
Reply to: