FS#57338 - [python-django] CVE-2018-6188

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 02 February 2018, 17:48 GMT
Last edited by Angel Velasquez (angvp) - Sunday, 04 February 2018, 18:51 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Dan McGee (toofishes)
Angel Velasquez (angvp)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Usually, I wouldn't open a bug report for an outdated package, but in this case, the package in question has not been updated/maintained for half a year (upstream released version 1.11.3 on 2017-07-01), although it has been flagged as outdated already 5 months ago.

python-django and python2-django are currently at version 1.11.2; the current upstream version is 1.11.10, which fixes a CVE:

https://docs.djangoproject.com/en/1.11/releases/1.11.10/

Not sure if it belongs here, but the 1.11 branch is an LTS branch anyway, and the current version of Django would actually be 2.0.2 (but that branch has dropped support for Python 2).

In any case, this package should at least be updated to version 1.11.10 to get rid of CVE-2018-6188.

Closed by Angel Velasquez (angvp)
Sunday, 04 February 2018, 18:51 GMT
Reason for closing: Fixed
Comment by Jelle van der Waa (jelly) - Saturday, 03 February 2018, 10:04 GMT
Side note: the CVE mentions the bug seems to have been introduced in 1.11.8, and our repository version is 1.11.2, so it should not be affected.
Comment by Angel Velasquez (angvp) - Sunday, 04 February 2018, 18:51 GMT
Updated to 1.11.10 today