From bbc11dc4089bfbd75e74a0ae0ec006b5934a74c8 Mon Sep 17 00:00:00 2001
From: vuln-bot <vuln-bot@pyup.io>
Date: Tue, 18 Oct 2016 12:19:43 +0200
Subject: [PATCH 1/2] Changelog pando version 0.39

---
 data/insecure_full.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/insecure_full.json b/data/insecure_full.json
index f2a1ff799..adb749994 100644
--- a/data/insecure_full.json
+++ b/data/insecure_full.json
@@ -2209,6 +2209,12 @@
             "v": "<3.1.0.8"
         }
     ],
+    "pando": [
+        {
+            "changelog": "-------------------------------------------\n\n* fix two security bugs related to CRLF injection\n  https://github.com/gratipay/security-qf35us/issues/1\n\n* remove argv-based configuration; Website now takes kwargs instead (455)\n\n* remove exec-based configuration, i.e., configure-aspen.py (373); use kwargs\n  to Website or environment variables instead\n\n* add a base_url configuration setting and use it in a new algorithm\n  function, redirect_to_base_url (457)\n\n* improve the redirect API: it's now at website.redirect instead of\n  request.redirect; it honors the new website.base_url; and it takes an \n  optional response object (458)\n\n\n",
+            "v": "<0.39"
+        }
+    ],
     "pastescript": [
         {
             "cve": "CVE-2012-0878",

From a71c09dd6ed329cf1ea187599f0472032b99942d Mon Sep 17 00:00:00 2001
From: vuln-bot <vuln-bot@pyup.io>
Date: Tue, 18 Oct 2016 12:19:44 +0200
Subject: [PATCH 2/2] Changelog pando version 0.39

---
 data/insecure.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/insecure.json b/data/insecure.json
index 54e1dc810..c256177bf 100644
--- a/data/insecure.json
+++ b/data/insecure.json
@@ -289,6 +289,9 @@
     "ovirt-engine-sdk-python": [
         "<3.1.0.8"
     ],
+    "pando": [
+        "<0.39"
+    ],
     "pastescript": [
         "<1.7.5"
     ],