[Buildroot] [PATCH] package/python-django: security bump to version 3.2.10
Arnout Vandecappelle
arnout at mind.be
Thu Dec 16 19:08:44 UTC 2021
On 15/12/2021 18:08, Peter Korsgaard wrote:
> Fixes the following security issues:
>
> - CVE-2021-44420: Potential bypass of an upstream access control based on
> URL paths
>
> HTTP requests for URLs with trailing newlines could bypass an upstream
> access control based on URL paths.
>
> This issue has low severity, according to the Django security policy.
>
> https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
>
> In addition, 3.2.8 / 3.2.9 fixes a number of bugs.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Applied to master, thanks.
Regards,
Arnout
> ---
> package/python-django/python-django.hash | 4 ++--
> package/python-django/python-django.mk | 5 +++--
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
> index ab89f0341c..3eea17e70f 100644
> --- a/package/python-django/python-django.hash
> +++ b/package/python-django/python-django.hash
> @@ -1,5 +1,5 @@
> # md5, sha256 from https://pypi.org/pypi/django/json
> -md5 2ade1eecca77640abbde6c4589da27dd Django-3.2.7.tar.gz
> -sha256 95b318319d6997bac3595517101ad9cc83fe5672ac498ba48d1a410f47afecd2 Django-3.2.7.tar.gz
> +md5 eaf0c3b4ac6b22cae9068360e6fd2d1b Django-3.2.10.tar.gz
> +sha256 074e8818b4b40acdc2369e67dcd6555d558329785408dcd25340ee98f1f1d5c4 Django-3.2.10.tar.gz
> # Locally computed sha256 checksums
> sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
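Review bot: The new md5 entry for Django-3.2.10.tar.gz adds no integrity assurance beyond the sha256 line directly below it, and both values come from the same PyPI JSON source named in the header comment. Consider dropping the md5 line, or keep it only if the intent is to mirror every hash upstream publishes. The LICENSE hash is unchanged context, so the license file check should still pass against the 3.2.10 tarball; worth confirming with a clean download and extract of the package.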
> diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
> index 0850aa1358..4f80208f0e 100644
> --- a/package/python-django/python-django.mk
> +++ b/package/python-django/python-django.mk
> @@ -4,10 +4,11 @@
> #
> ################################################################################
>
> -PYTHON_DJANGO_VERSION = 3.2.7
> +PYTHON_DJANGO_VERSION = 3.2.10
> PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
> # The official Django site has an unpractical URL
> -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/59/45/c6fbb3a206df0b7dc3e6e8fae738e042c63d4ddf828c6e1ba10d7417a1d9
> +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/a5/8e/c6dfc718d572e4b33b56824b9e71e5ab9be8072e6747fc6184d206c3fdb3
> +
> PYTHON_DJANGO_LICENSE = BSD-3-Clause
> PYTHON_DJANGO_LICENSE_FILES = LICENSE
> PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
>
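Review bot: The bare `+` line added after the new PYTHON_DJANGO_SITE assignment is an unrelated whitespace change that the commit message does not mention, and it splits SITE from the LICENSE variables in a block that was contiguous before. Suggest dropping it so the hunk contains only the version and URL changes. Note also that the SITE path carries a per-release directory component, so PYTHON_DJANGO_VERSION, PYTHON_DJANGO_SITE and both tarball hashes have to change together on every bump; the existing comment about the unpractical URL could say that explicitly.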