Message ID | 20220115114244.1912724-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/python-django: security bump to version 3.2.11 | expand |
Fabrice, All, On 2022-01-15 12:42 +0100, Fabrice Fontaine spake thusly: > Fixes: > - CVE-2021-45115: Denial-of-service possibility in > UserAttributeSimilarityValidator > - CVE-2021-45116: Potential information disclosure in dictsort template > filter > - CVE-2021-45452: Potential directory-traversal via Storage.save() > > https://www.djangoproject.com/weblog/2022/jan/04/security-releases > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/python-django/python-django.hash | 4 ++-- > package/python-django/python-django.mk | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash > index 3eea17e70f..89bc5ffb19 100644 > --- a/package/python-django/python-django.hash > +++ b/package/python-django/python-django.hash > @@ -1,5 +1,5 @@ > # md5, sha256 from https://pypi.org/pypi/django/json > -md5 eaf0c3b4ac6b22cae9068360e6fd2d1b Django-3.2.10.tar.gz > -sha256 074e8818b4b40acdc2369e67dcd6555d558329785408dcd25340ee98f1f1d5c4 Django-3.2.10.tar.gz > +md5 6c4a53d2ccb464bc3dd772c6f2f07df9 Django-3.2.11.tar.gz > +sha256 69c94abe5d6b1b088bf475e09b7b74403f943e34da107e798465d2045da27e75 Django-3.2.11.tar.gz > # Locally computed sha256 checksums > sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE > diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk > index 4f80208f0e..25a645823b 100644 > --- a/package/python-django/python-django.mk > +++ b/package/python-django/python-django.mk > @@ -4,10 +4,10 @@ > # > ################################################################################ > > -PYTHON_DJANGO_VERSION = 3.2.10 > +PYTHON_DJANGO_VERSION = 3.2.11 > PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz > # The official Django site has an unpractical URL > -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/a5/8e/c6dfc718d572e4b33b56824b9e71e5ab9be8072e6747fc6184d206c3fdb3 > +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/20/86/e4348aac45bc83fc8e9dda2cfd81004b007c65b68c1499a4233acabdaa3b > > PYTHON_DJANGO_LICENSE = BSD-3-Clause > PYTHON_DJANGO_LICENSE_FILES = LICENSE > -- > 2.34.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fixes: > - CVE-2021-45115: Denial-of-service possibility in > UserAttributeSimilarityValidator > - CVE-2021-45116: Potential information disclosure in dictsort template > filter > - CVE-2021-45452: Potential directory-traversal via Storage.save() > https://www.djangoproject.com/weblog/2022/jan/04/security-releases > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2021.02.x and 2021.11.x, thanks.
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash index 3eea17e70f..89bc5ffb19 100644 --- a/package/python-django/python-django.hash +++ b/package/python-django/python-django.hash @@ -1,5 +1,5 @@ # md5, sha256 from https://pypi.org/pypi/django/json -md5 eaf0c3b4ac6b22cae9068360e6fd2d1b Django-3.2.10.tar.gz -sha256 074e8818b4b40acdc2369e67dcd6555d558329785408dcd25340ee98f1f1d5c4 Django-3.2.10.tar.gz +md5 6c4a53d2ccb464bc3dd772c6f2f07df9 Django-3.2.11.tar.gz +sha256 69c94abe5d6b1b088bf475e09b7b74403f943e34da107e798465d2045da27e75 Django-3.2.11.tar.gz # Locally computed sha256 checksums sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk index 4f80208f0e..25a645823b 100644 --- a/package/python-django/python-django.mk +++ b/package/python-django/python-django.mk @@ -4,10 +4,10 @@ # ################################################################################ -PYTHON_DJANGO_VERSION = 3.2.10 +PYTHON_DJANGO_VERSION = 3.2.11 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz # The official Django site has an unpractical URL -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/a5/8e/c6dfc718d572e4b33b56824b9e71e5ab9be8072e6747fc6184d206c3fdb3 +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/20/86/e4348aac45bc83fc8e9dda2cfd81004b007c65b68c1499a4233acabdaa3b PYTHON_DJANGO_LICENSE = BSD-3-Clause PYTHON_DJANGO_LICENSE_FILES = LICENSE
Fixes: - CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator - CVE-2021-45116: Potential information disclosure in dictsort template filter - CVE-2021-45452: Potential directory-traversal via Storage.save() https://www.djangoproject.com/weblog/2022/jan/04/security-releases Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/python-django/python-django.hash | 4 ++-- package/python-django/python-django.mk | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)