{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "rebase EPEL7 package to Django-1.11.x", "type": "security", "status": "obsolete", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-11-16 07:23:28", "date_modified": null, "date_approved": null, "date_testing": "2018-11-17 05:35:42", "date_stable": null, "alias": "FEDORA-EPEL-2018-b4d4e0a3eb", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2018-11-17 05:35:42", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b4d4e0a3eb", "title": "python-django-1.11.13-2.el7", "version_hash": "f361bd979f881a2c6517754aae1a3bd63704db4c", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by mrunge. ", "timestamp": "2018-11-16 07:23:28", "update_id": 126860, "user_id": 91, "id": 863159, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-11-17 05:36:25", "update_id": 126860, "user_id": 91, "id": 863513, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "bug_feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1357704, "bug": {"bug_id": 1357704, "title": "CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864402, "bug_id": 1432365, "bug": {"bug_id": 1432365, "title": "Please update python-django in EPEL", "security": false, "parent": false}}, {"karma": 0, "comment_id": 864402, "bug_id": 1488634, "bug": {"bug_id": 1488634, "title": "CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864402, "bug_id": 1552179, "bug": {"bug_id": 1552179, "title": "CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864402, "bug_id": 1611050, "bug": {"bug_id": 1611050, "title": "CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "bug_feedback": [{"karma": 0, "comment_id": 864413, "bug_id": 1357704, "bug": {"bug_id": 1357704, "title": "CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864413, "bug_id": 1432365, "bug": {"bug_id": 1432365, "title": "Please update python-django in EPEL", "security": false, "parent": false}}, {"karma": 0, "comment_id": 864413, "bug_id": 1488634, "bug": {"bug_id": 1488634, "title": "CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864413, "bug_id": 1552179, "bug": {"bug_id": 1552179, "title": "CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864413, "bug_id": 1611050, "bug": {"bug_id": 1611050, "title": "CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "bug_feedback": [{"karma": 0, "comment_id": 864431, "bug_id": 1357704, "bug": {"bug_id": 1357704, "title": "CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864431, "bug_id": 1432365, "bug": {"bug_id": 1432365, "title": "Please update python-django in EPEL", "security": false, "parent": false}}, {"karma": 0, "comment_id": 864431, "bug_id": 1488634, "bug": {"bug_id": 1488634, "title": "CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864431, "bug_id": 1552179, "bug": {"bug_id": 1552179, "title": "CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 864431, "bug_id": 1611050, "bug": {"bug_id": 1611050, "title": "CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been obsoleted by [python-django-1.11.13-4.el7](https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2206653eb9).", "timestamp": "2018-11-19 21:35:05", "update_id": 126860, "user_id": 91, "id": 864535, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "python-django-1.11.13-2.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1357704, "title": "CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1357704, "comment": {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 864413, "bug_id": 1357704, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}}, {"karma": 0, "comment_id": 864431, "bug_id": 1357704, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1432365, "title": "Please update python-django in EPEL", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1432365, "comment": {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 864413, "bug_id": 1432365, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}}, {"karma": 0, "comment_id": 864431, "bug_id": 1432365, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1488634, "title": "CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1488634, "comment": {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 864413, "bug_id": 1488634, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}}, {"karma": 0, "comment_id": 864431, "bug_id": 1488634, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1552179, "title": "CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1552179, "comment": {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 864413, "bug_id": 1552179, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}}, {"karma": 0, "comment_id": 864431, "bug_id": 1552179, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1611050, "title": "CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 864402, "bug_id": 1611050, "comment": {"karma": 0, "karma_critpath": 0, "text": "This update breaks dependencies of  RviewBoard-2.6.17-1.el7 (Requires python2-django(abi) = 0:1.6) and python-djblets-0.9.9-2.el7 (in epel testing,  because it requires explicitily python-django16). I'd guess there need to be cordinated update of these packages.", "timestamp": "2018-11-19 12:43:25", "update_id": 126860, "user_id": 4048, "id": 864402, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 864413, "bug_id": 1611050, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you.\n\nIIRC, sgallagh changed reviewboard packages (and djblets) to explicitly require python-django16 instead of python-django. Reviewboard is the reason, why we didn't upgrade Django some time (years) ago.\n\nThat's exactly, what we need to catch before pushing something to stable.", "timestamp": "2018-11-19 13:16:14", "update_id": 126860, "user_id": 189, "id": 864413, "testcase_feedback": [], "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}}}, {"karma": 0, "comment_id": 864431, "bug_id": 1611050, "comment": {"karma": 0, "karma_critpath": 0, "text": "The issue is obsoletes.\n\npython-django < 1.11.13-2.el7\nDjango < 1.5.5-3\npython-django < 1.5.5-3\n\nIf both should coexist, then there is a packaging issue in python-django16. It should create python2-django16 sub-package and not pyton2-django like it does now.\n", "timestamp": "2018-11-19 14:42:42", "update_id": 126860, "user_id": 4048, "id": 864431, "testcase_feedback": [], "user": {"name": "tis", "email": "tis@foobar.fi", "id": 4048, "avatar": "https://seccdn.libravatar.org/avatar/3536202e18966e4fbfbcc6d646b90ee7f4e8f68f355b0f421d9780ef623d59c1?s=24&d=retro", "openid": "tis.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-EPEL-2018-b4d4e0a3eb", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}