From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 192AE1384B4 for ; Thu, 12 Nov 2015 07:23:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 61AD621C148; Thu, 12 Nov 2015 07:23:00 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6FB5521C13B for ; Thu, 12 Nov 2015 07:22:59 +0000 (UTC) Received: from [IPv6:2001:980:4ed9:1:beae:c5ff:fe48:18dc] (unknown [IPv6:2001:980:4ed9:1:beae:c5ff:fe48:18dc]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: graaff) by smtp.gentoo.org (Postfix) with ESMTPSA id D8882340634 for ; Thu, 12 Nov 2015 07:22:56 +0000 (UTC) Message-ID: <1447312972.22216.2.camel@gentoo.org> Subject: Re: [gentoo-dev] [gentoo-dev-announce] Last rites: To: gentoo-dev@lists.gentoo.org Date: Thu, 12 Nov 2015 08:22:52 +0100 In-Reply-To: <5643185A.7070307@gentoo.org> References: <5643185A.7070307@gentoo.org> Organization: Gentoo Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-IJvxD0tkSX3K2aACmYlS" X-Mailer: Evolution 3.16.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Archives-Salt: 7f4f95f6-c696-4f73-acbb-98040dc76f15 X-Archives-Hash: 9442315364a01b9759d20ed8ca65e798 --=-IJvxD0tkSX3K2aACmYlS Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2015-11-11 at 11:28 +0100, Justin (jlec) wrote: > # Justin Lecher (28 Feb 2015) > # Unfixed security problems > # No upstream support anymore > # CVE-2015-{0219,0220,0221,0222,5145} > # #536586 > # #554864 > =3Ddev-python/django-1.4* > =3Ddev-python/django-1.5* > =3Ddev-python/django-1.6* > # Not supported by any django version upstream supports > dev-python/south > dev-python/Djblets > dev-util/reviewboard Reviewboard upstream is now maintaining its own version of django 1.6 for security fixes: https://www.reviewboard.org/news/2015/08/24/new-dja ngo-1-6-11-1-security-releases/ Would we be able to keep reviewboard in the tree (with a bump to the 2.5.x versions) with this? Hans --=-IJvxD0tkSX3K2aACmYlS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EABEIAAYFAlZEPkwACgkQiIP6VqMIqNe5ywD/dkBddPTkk4KPvO/AmmIIuMXB epdnh90VA2nlYxqpfIoA/1chY0wuRgVq1tdVJBrMKhn2KdccHtlWodoJFWfBlYmJ =krRO -----END PGP SIGNATURE----- --=-IJvxD0tkSX3K2aACmYlS--