
Bug 576876 (CVE-2016-2512)

Summary: <dev-python/django-{1.8.14,1.9.5}: multiple vulnerabilities
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: ercpe, jlec, python, rene
Priority: Normal
Flags: stable-bot: sanity-check-
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.openwall.com/lists/oss-security/2016/03/01/4
Whiteboard: B3 [noglsa cve]
Package list:
=dev-python/django-1.8.18 ~amd64 ~x86 =dev-python/django-celery-3.1.17 ~amd64 ~x86
Runtime testing required: ---
Bug Depends on: 598770    
Bug Blocks: 589134    

Description Agostino Sarubbo gentoo-dev 2016-03-09 15:30:34 UTC
From ${URL} :


Today the Django team issued 1.9.3 and 1.8.10 as part of our security
process. These releases address two security issues, and we encourage all
users to upgrade as soon as possible.

Details are available on the Django project weblog:

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Johann Schmitz (ercpe) (RETIRED) gentoo-dev 2016-03-12 06:30:39 UTC
*** Bug 576486 has been marked as a duplicate of this bug. ***
Comment 2 Pacho Ramos gentoo-dev 2016-03-14 16:05:50 UTC
*** Bug 577192 has been marked as a duplicate of this bug. ***
Comment 4 Justin Lecher (RETIRED) gentoo-dev 2017-06-03 19:38:30 UTC
commit 6855253051c53fdcb07f62b792218550fa708bf8
Author: Justin Lecher <jlec@gentoo.org>
Date:   Sat Jun 3 20:33:58 2017 +0100

    dev-python/django: Version Bump CVE-201{6-{2512,7401,9013,9014},7-{7233,7234}}

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=576876
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=589134
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=595544
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=598770
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

    https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6855253051c53fdcb07f62b792218550fa708bf8
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2017-06-03 19:41:15 UTC
@arches please stabilize

=dev-python/django-1.8.18
Comment 6 Stabilization helper bot gentoo-dev 2017-06-03 20:01:28 UTC
An automated check of this bug failed - the following atom is unknown:

dev-python/django-1.8.18

Please verify the atom list.
Comment 7 Stabilization helper bot gentoo-dev 2017-06-04 07:00:55 UTC
An automated check of this bug failed - repoman reported dependency errors (85 lines truncated): 

> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-28 12:59:16 UTC
All done, repository is clean.