projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ff60c4c) | patch
package/python-flask-cors: security bump to version 3.0.9
authorPeter Korsgaard <peter@korsgaard.com>
Wed, 18 Nov 2020 15:47:42 +0000 (16:47 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 20 Nov 2020 17:18:30 +0000 (18:18 +0100)
commitc356b20ba8afa79b08fc3d30a1c3f60d9f3c6f65
tree5fe133b839c27afbf4ba7b129b9b4b23de1d9aabtree
parentff60c4c533096f8fd69c31d9f57ed1daa596d08acommit | diff
package/python-flask-cors: security bump to version 3.0.9

Fixes the following security issue:

- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware
  for Flask) before 3.0.9.  It allows ../ directory traversal to access
  private resources because resource matching does not ensure that pathnames
  are in a canonical format.

Also drop outdated md5 checksum and fix .hash indentation.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-flask-cors/python-flask-cors.hash diff | blob | history
package/python-flask-cors/python-flask-cors.mk diff | blob | history