From f6814ff139feec0ef1ec80536327884449725673 Mon Sep 17 00:00:00 2001 From: Chris Lamb Date: Tue, 7 Dec 2021 14:55:11 -0800 Subject: Triage CVE-2021-44420 in python-django for stretch LTS. --- data/CVE/2021.list | 1 + data/dla-needed.txt | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 38e049390f..d9492fb555 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -688,6 +688,7 @@ CVE-2021-44420 [Potential bypass of an upstream access control based on URL path - python-django 2:3.2.10-1 [bullseye] - python-django (Minor issue) [buster] - python-django (Minor issue) + [stretch] - python-django (Vulnerable code not present; path converters added later) NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1 NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 06c7a4cd7c..cbca4b18b2 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -68,8 +68,6 @@ nvidia-graphics-drivers (Markus Koschany) pgbouncer (Thorsten Alteholz) NOTE: 20211128: also help with other releases -- -python-django (Chris Lamb) --- rustc (Roberto C. Sánchez) NOTE: rust-doc in stretch-lts (and jessie-lts) is not installable NOTE: https://bugs.debian.org/928422 -- cgit v1.2.3
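Review bot: In the data/CVE/2021.list hunk, the added [stretch] line justifies the status with "path converters added later" but gives nothing a later reader can check it against. Consider adding a NOTE under the entry that records which upstream release introduced path converters and which python-django version stretch ships, so the claim can be verified from the tracker entry alone. The existing NOTE lines already link the upstream fix commit, so a one-line pointer saying the fixed code path is absent from the stretch source would be enough.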
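Review bot: In the data/dla-needed.txt hunk, the removed "python-django (Chris Lamb)" entry carries no NOTE saying which issue it was claimed for, so the diff alone does not show that CVE-2021-44420 was the only reason the package was listed. Please confirm no other open python-django issue for stretch depended on this entry, and say so in the commit message, whose subject currently mentions only the triage and not the dla-needed.txt removal. The separator handling looks right: one "--" line remains between the pgbouncer and rustc entries after the two deletions.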