projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 42ee122) | patch
package/python-django: security bump to version 3.2.5
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 14 Jul 2021 08:50:44 +0000 (10:50 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 15 Jul 2021 20:48:14 +0000 (22:48 +0200)
commitdd4e09e0e4a8d0daeff62a8998eed250a49e0bcf
treed8fd26f3f5b6769933ae8330d88660ababb9a850tree
parent42ee122862bf226b304340f5b42f4280abfacb7ecommit | diff
package/python-django: security bump to version 3.2.5

Fix CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5
allows QuerySet.order_by SQL injection if order_by is untrusted input
from a client of a web application.

https://www.djangoproject.com/weblog/2021/jul/01/security-releases
https://docs.djangoproject.com/en/dev/releases/3.2.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/python-django/python-django.hash diff | blob | history
package/python-django/python-django.mk diff | blob | history