projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 75c5cc2) | patch
package/python-django: security bump to version 3.0.4
authorPeter Korsgaard <peter@korsgaard.com>
Wed, 4 Mar 2020 19:54:52 +0000 (20:54 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 5 Mar 2020 15:35:37 +0000 (16:35 +0100)
commitcba42d7f55b5845160b710c4488b95089c7cb558
tree4014c8a8fb20fa676fc1d490af9a8560ef28ad8ctree
parent75c5cc23b43bbe1fd3c7abbd27752afa902e9e4ecommit | diff
package/python-django: security bump to version 3.0.4

Fixes the following security vulnerabilities:

- CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
  functions and aggregates on Oracle.
  GIS functions and aggregates on Oracle were subject to SQL injection,
  using a suitably crafted tolerance.

For more details, see the advisory:
https://www.djangoproject.com/weblog/2020/mar/04/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-django/python-django.hash diff | blob | history
package/python-django/python-django.mk diff | blob | history