projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c48f8a6) | patch
python-django: security bump to version 1.11.15
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 17 Aug 2018 14:47:36 +0000 (16:47 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 17 Aug 2018 16:58:05 +0000 (18:58 +0200)
commitae977e942893ac7e5c9b69418f047acae1603c27
tree1deeb3abba2de967733864e9558912e814e6c99ctree
parentc48f8a64626c60bd1b46804b7cf1a699ff53cdf3commit | diff
python-django: security bump to version 1.11.15

Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
supported upstream:

https://www.djangoproject.com/download/

Fixes the following security issues:

- CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
  page (1.11.5)

- CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)

- CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
  template filters (1.11.11)

- CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
  truncatewords_html template filters (1.11.11)

- CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)

Also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-django/python-django.hash diff | blob | history
package/python-django/python-django.mk diff | blob | history