Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 576876 (CVE-2016-2512)

Summary: <dev-python/django-{1.8.14,1.9.5}: multiple vulnerabilities
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: ercpe, jlec, python, rene
Priority: Normal Flags: stable-bot: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
=dev-python/django-1.8.18 ~amd64 ~x86 =dev-python/django-celery-3.1.17 ~amd64 ~x86
Runtime testing required: ---
Bug Depends on: 598770    
Bug Blocks: 589134    

Description Agostino Sarubbo gentoo-dev 2016-03-09 15:30:34 UTC
From ${URL} :

Today the Django team issued 1.9.3 and 1.8.10 as part of our security 
process. This releases address two security issues, and we encourage all 
users to upgrade as soon as possible.

Details are available on the Django project weblog:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Johann Schmitz (ercpe) (RETIRED) gentoo-dev 2016-03-12 06:30:39 UTC
*** Bug 576486 has been marked as a duplicate of this bug. ***
Comment 2 Pacho Ramos gentoo-dev 2016-03-14 16:05:50 UTC
*** Bug 577192 has been marked as a duplicate of this bug. ***
Comment 4 Justin Lecher (RETIRED) gentoo-dev 2017-06-03 19:38:30 UTC
commit 6855253051c53fdcb07f62b792218550fa708bf8
Author: Justin Lecher <>
Date:   Sat Jun 3 20:33:58 2017 +0100

    dev-python/django: Version Bump CVE-201{6-{2512,7401,9013,9014},7-{7233,7234}}

    Package-Manager: Portage-2.3.6, Repoman-2.3.2
    Signed-off-by: Justin Lecher <>
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2017-06-03 19:41:15 UTC
@arches please stabilize

Comment 6 Stabilization helper bot gentoo-dev 2017-06-03 20:01:28 UTC
An automated check of this bug failed - the following atom is unknown:


Please verify the atom list.
Comment 7 Stabilization helper bot gentoo-dev 2017-06-04 07:00:55 UTC
An automated check of this bug failed - repoman reported dependency errors (85 lines truncated): 

> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-28 12:59:16 UTC
All done, repository is clean.