Página inicial Explorar Ajuda
Registrar Entrar
PUBLIC_REPOS
/
buildroot
mirror de git://git.buildroot.net/buildroot
2
1
Fork 0
Arquivos
Ver código fonte

package/python-django: security bump to version 5.0.8

Django 5.0.7 fixes the following CVEs:

* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330: Potential directory-traversal via Storage.save()
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()

Django 5.0.8 fixes the following CVEs:

* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()

Further release Notes: https://docs.djangoproject.com/en/5.0/releases/

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit f777ce1fd6b9e0537593a70940dc23f4ca177054)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Hoffmann 1 ano atrás
pai
6ca8443f98
commit
90cd6b3574
2 arquivos alterados com 4 adições e 4 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 2 2
      package/python-django/python-django.hash
  2. 2 2
      package/python-django/python-django.mk

+ 2 - 2
package/python-django/python-django.hash
Ver arquivo 

@@ -1,5 +1,5 @@
 
 # md5, sha256 from https://pypi.org/pypi/django/json
 
-md5  1009c48d70060cadb40000cc15a8058a  Django-5.0.3.tar.gz
 
-sha256  5fb37580dcf4a262f9258c1f4373819aacca906431f505e4688e37f3a99195df  Django-5.0.3.tar.gz
 
+md5  fb167eef987a98421cad62036868a1ca  Django-5.0.8.tar.gz
 
+sha256  ebe859c9da6fead9c9ee6dbfa4943b04f41342f4cea2c4d8c978ef0d10694f2b  Django-5.0.8.tar.gz
 
 # Locally computed sha256 checksums
 
 sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE

+ 2 - 2
package/python-django/python-django.mk
Ver arquivo 

@@ -4,10 +4,10 @@
 
 #
 
 ################################################################################
 
 
-PYTHON_DJANGO_VERSION = 5.0.3
 
+PYTHON_DJANGO_VERSION = 5.0.8
 
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 
 # The official Django site has an unpractical URL
 
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/e1/b1/ac6a16aaf0049637b50afbcf06b8ec2fa5c6ce42d4ae6ba66bbaf4c3609a
 
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/79/1c/55733805bb735e26fee0430045efdb61df6fd704b6aebf2154875ef9e6a9
 
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 
 PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject