| Message ID | 20230320171331.1075061-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/python-web2py: security bump to version 2.23.1 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2023-22432: Open redirect vulnerability exists in web2py > versions prior to 2.23.1. When using the tool, a web2py user may be > redirected to an arbitrary website by accessing a specially crafted URL. > As a result, the user may become a victim of a phishing attack. > https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2023-22432: Open redirect vulnerability exists in web2py > versions prior to 2.23.1. When using the tool, a web2py user may be > redirected to an arbitrary website by accessing a specially crafted URL. > As a result, the user may become a victim of a phishing attack. > https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2023.02.x and 2022.02.x, thanks.
diff --git a/package/python-web2py/python-web2py.hash b/package/python-web2py/python-web2py.hash index a853497768..c0ce0cc352 100644 --- a/package/python-web2py/python-web2py.hash +++ b/package/python-web2py/python-web2py.hash @@ -1,3 +1,3 @@ # sha256 locally computed -sha256 356f88b671e2bcdd9c89df526ee063ee9d6f4f57b60182ec2684adddcc426e99 python-web2py-2.23.0.tar.gz +sha256 f4066d76290b333bc1bb1cf4c23b612eebde712b7112e90a72e7609a14690d2c python-web2py-2.23.1.tar.gz sha256 2aae96826184a492bc799add49aed7b29036e7aba2d2294fb65053bd30fe55fe LICENSE diff --git a/package/python-web2py/python-web2py.mk b/package/python-web2py/python-web2py.mk index 4425b09d12..2a666cae17 100644 --- a/package/python-web2py/python-web2py.mk +++ b/package/python-web2py/python-web2py.mk @@ -4,7 +4,7 @@ # ################################################################################ -PYTHON_WEB2PY_VERSION = 2.23.0 +PYTHON_WEB2PY_VERSION = 2.23.1 PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,v$(PYTHON_WEB2PY_VERSION)) PYTHON_WEB2PY_LICENSE = LGPL-3.0 PYTHON_WEB2PY_LICENSE_FILES = LICENSE
Fix CVE-2023-22432: Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/python-web2py/python-web2py.hash | 2 +- package/python-web2py/python-web2py.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)