{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "update to 2.2.19, resolve CVE-2021-23336 (rbhz#1931539)", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-03-05 11:53:09", "date_modified": null, "date_approved": null, "date_testing": "2021-03-05 19:11:08", "date_stable": "2021-03-20 00:40:11", "alias": "FEDORA-EPEL-2021-6b1b1f9053", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2021-03-20 00:40:11", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6b1b1f9053", "title": "python-django-2.2.19-1.el8", "version_hash": "16e379f7260a188111202f03ecce8350eea3bd6e", "release": {"name": "EPEL-8", "long_name": "Fedora EPEL 8", "version": "8", "id_prefix": "FEDORA-EPEL", "branch": "epel8", "dist_tag": "epel8", "stable_tag": "epel8", "testing_tag": "epel8-testing", "candidate_tag": "epel8-testing-candidate", "pending_signing_tag": "epel8-signing-pending", "pending_testing_tag": "epel8-testing-pending", "pending_stable_tag": "epel8-pending", "override_tag": "epel8-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "mrunge", "email": "mrunge@redhat.com", "id": 189, "avatar": "https://seccdn.libravatar.org/avatar/a44256d99b54b87430ffaae85f0645968ec25a74a78abea5b026b1698d56ad9e?s=24&d=retro", "openid": "mrunge.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "centosproject-email-aliases"}, {"name": "gitovirt"}, {"name": "sig-cloud"}, {"name": "ambassadors"}, {"name": "gitnodejs-packaging"}, {"name": "signed_fpca"}, {"name": "python-packagers-sig"}, {"name": "sig-extras"}, {"name": "fedora-contributor"}, {"name": "fedorabugs"}, {"name": "sig-opstools"}, {"name": "ipausers"}, {"name": "sig-messaging"}, {"name": "openstack-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by mrunge. ", "timestamp": "2021-03-05 11:53:09", "update_id": 289833, "user_id": 91, "id": 1922575, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-03-05 11:53:10", "update_id": 289833, "user_id": 91, "id": 1922576, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-03-05 11:53:10", "update_id": 289833, "user_id": 91, "id": 1922577, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-03-05 12:24:26", "update_id": 289833, "user_id": 91, "id": 1922601, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-03-05 19:11:25", "update_id": 289833, "user_id": 91, "id": 1923343, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2021-03-19 19:13:49", "update_id": 289833, "user_id": 91, "id": 1945131, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-03-19 19:13:49", "update_id": 289833, "user_id": 91, "id": 1945132, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-03-20 00:40:58", "update_id": 289833, "user_id": 91, "id": 1946398, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "python-django-2.2.19-1.el8", "signed": true, "release_id": 34, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1928904, "title": "CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1906111, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-25 09:05:13", "update_id": 285691, "user_id": 5788, "id": 1906111, "testcase_feedback": [], "user": {"name": "newbyte", "email": "newbytee@protonmail.com", "id": 5788, "avatar": "https://seccdn.libravatar.org/avatar/1145909981d8c40c4ac913f9ca74a636dcae74708bf63b119a47ce3492f488af?s=24&d=retro", "openid": "newbyte.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1899766, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-22 10:38:31", "update_id": 285832, "user_id": 198, "id": 1899766, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1901436, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-23 01:45:30", "update_id": 285832, "user_id": 4120, "id": 1901436, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 1895187, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes all mentioned CVEs.", "timestamp": "2021-02-19 08:50:41", "update_id": 284435, "user_id": 2936, "id": 1895187, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1895189, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes all mentioned CVEs.", "timestamp": "2021-02-19 08:51:02", "update_id": 284499, "user_id": 2936, "id": 1895189, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1899563, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:04", "update_id": 285832, "user_id": 2936, "id": 1899563, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1899564, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:06", "update_id": 285690, "user_id": 2936, "id": 1899564, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 0, "comment_id": 1900849, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-22 19:28:50", "update_id": 285832, "user_id": 5615, "id": 1900849, "testcase_feedback": [], "user": {"name": "ersen", "email": "oguz@ersen.moe", "id": 5615, "avatar": "https://seccdn.libravatar.org/avatar/b7a62226e7d88529ca69787274bacac45092c0f9bc56e521090d83f859529ce4?s=24&d=retro", "openid": "ersen.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "fedora-join"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 1903234, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-23 21:02:34", "update_id": 285832, "user_id": 5881, "id": 1903234, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 1912966, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-03-02 15:42:34", "update_id": 285691, "user_id": 5881, "id": 1912966, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 1923531, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-03-05 21:29:00", "update_id": 285691, "user_id": 534, "id": 1923531, "testcase_feedback": [], "user": {"name": "ngompa", "email": "ngompa13@gmail.com", "id": 534, "avatar": "https://seccdn.libravatar.org/avatar/78eb5545c77d95a891c05cb362dfc4525c92e5398a7645c5bd23e126784d44a9?s=24&d=retro", "openid": "ngompa.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "provenpackager"}, {"name": "kde-sig"}, {"name": "communishift"}, {"name": "kaizen"}, {"name": "respins-sig"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "sig-hyperscale"}, {"name": "epel-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "python-packagers-sig"}, {"name": "signed_fpca"}, {"name": "centosproject-email-aliases"}, {"name": "caddy"}, {"name": "fesco"}, {"name": "sig-extras"}, {"name": "go-sig"}, {"name": "rust-sig"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "ocp-cico-hyperscale"}, {"name": "asahi-sig"}, {"name": "lxqt-sig"}, {"name": "sig-docs"}, {"name": "discourse-experiments"}, {"name": "multimedia-sig"}, {"name": "discussion-mods-asahi"}, {"name": "asahi-sig-admin"}, {"name": "cloud-sig"}, {"name": "pantheon-sig"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "cosmic-sig"}]}}}, {"karma": 0, "comment_id": 1981156, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-04-11 11:54:35", "update_id": 297811, "user_id": 5881, "id": 1981156, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 1979063, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-04-09 06:49:50", "update_id": 297811, "user_id": 5615, "id": 1979063, "testcase_feedback": [], "user": {"name": "ersen", "email": "oguz@ersen.moe", "id": 5615, "avatar": "https://seccdn.libravatar.org/avatar/b7a62226e7d88529ca69787274bacac45092c0f9bc56e521090d83f859529ce4?s=24&d=retro", "openid": "ersen.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "fedora-join"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1931539, "title": "CVE-2021-23336 python-django: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1931541, "title": "CVE-2021-23336 python-django3: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [epel-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-EPEL-2021-6b1b1f9053", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}