package/python-django: security bump to version 3.0.7
Fixes the following security issues:
- CVE-2020-13254: Potential data leakage via malformed memcached keys
In cases where a memcached backend does not perform key validation,
passing malformed cache keys could result in a key collision, and
potential data leakage. In order to avoid this vulnerability, key
validation is added to the memcached cache backends.
- CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures
query parameters are correctly URL encoded.
For details, see the announcement:
https://docs.djangoproject.com/en/dev/releases/3.0.7/
Additionally, 3.0.5..3.0.7 contains a number of non-security related
bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
projects / buildroot.git / commit