projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0f4ec05) | patch
package/python-django: security bump to version 3.0.14
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 6 Apr 2021 20:48:31 +0000 (22:48 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 7 Apr 2021 07:26:25 +0000 (09:26 +0200)
commitcb5bfd63d9f521e0323ffd52f804900219e49330
treeef34cb1c4056965d4349e822655012d95e9d42c1tree
parent0f4ec05ed07865c86a261e453e78a508afca8ce4commit | diff
package/python-django: security bump to version 3.0.14

Fixes the following security issue:

CVE-2021-28658: Potential directory-traversal via uploaded files

MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.

For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-django/python-django.hash diff | blob | history
package/python-django/python-django.mk diff | blob | history