* [Buildroot] [git commit] package/python-django: security bump to version 4.0.8
@ 2022-10-17 20:37 Thomas Petazzoni via buildroot
2022-11-02 22:55 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-10-17 20:37 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=5b5d3befef9c92a7485c1c68989d95749882ee2a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following security issues:
- CVE-2022-36359: Potential reflected file download vulnerability in
FileResponse (4.0.7)
https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
- CVE-2022-41323: Potential denial-of-service vulnerability in
internationalized URLs (4.0.8)
https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index bfc9219c7e..72adc30bb1 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 ad4e850c7110a45a6c7778d5bd01b85e Django-4.0.6.tar.gz
-sha256 a67a793ff6827fd373555537dca0da293a63a316fe34cb7f367f898ccca3c3ae Django-4.0.6.tar.gz
+md5 75ec07b3e00c79fd6e67fbee53786b7a Django-4.0.8.tar.gz
+sha256 07e6433f263c3839939cfabeb6d7557841e0419e47759a7b7d37f6d44d40adcb Django-4.0.8.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index d49c845d54..567d590f77 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 4.0.6
+PYTHON_DJANGO_VERSION = 4.0.8
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/a4/17/b10aa26d7a566a3c19e9d29fac39c8643cbceb6cd7649a378d676839b5db
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/1a/de/08d8a349ed0e3e1999eb86ae0347cc9eaf634cd65f1eb80b9387ac1dbe3c
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [git commit] package/python-django: security bump to version 4.0.8
2022-10-17 20:37 [Buildroot] [git commit] package/python-django: security bump to version 4.0.8 Thomas Petazzoni via buildroot
@ 2022-11-02 22:55 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-11-02 22:55 UTC (permalink / raw)
To: Thomas Petazzoni via buildroot; +Cc: Thomas Petazzoni
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=5b5d3befef9c92a7485c1c68989d95749882ee2a
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issues:
> - CVE-2022-36359: Potential reflected file download vulnerability in
> FileResponse (4.0.7)
> https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
> - CVE-2022-41323: Potential denial-of-service vulnerability in
> internationalized URLs (4.0.8)
> https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-11-02 22:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-17 20:37 [Buildroot] [git commit] package/python-django: security bump to version 4.0.8 Thomas Petazzoni via buildroot
2022-11-02 22:55 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.