FEDORA-EPEL-2018-b4d4e0a3eb

security update in Fedora EPEL 7 for python-django

Status: obsolete

rebase EPEL7 package to Django-1.11.x

Comments 6

This update has been submitted for testing by mrunge.

This update has been pushed to testing.

This update breaks dependencies of ReviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing, because it explicitly requires python-django16). I'd guess there needs to be a coordinated update of these packages.

Thank you.

IIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason why we didn't upgrade Django some time (years) ago.

That's exactly what we need to catch before pushing something to stable.

The issue is obsoletes.

python-django < 1.11.13-2.el7
Django < 1.5.5-3
python-django < 1.5.5-3

If both should coexist, then there is a packaging issue in python-django16. It should create a python2-django16 sub-package and not python2-django like it does now.

This update has been obsoleted by python-django-1.11.13-4.el7.

Content Type: RPM
Status: obsolete
Test Gating:
Submitted by:
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 8 months ago, in testing 8 months ago

Related Bugs 5

#1357704 CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7]
#1432365 Please update python-django in EPEL
#1488634 CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7]
#1552179 CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7]
#1611050 CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]
