Fixes the following security vulnerability:
- CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode
characters, that compared equal to an existing user email when lower-cased
for comparison, an attacker could be sent a password reset token for the
matched account
In addition, a number of bugs have been fixed. For details, see the release
notes:
https://docs.djangoproject.com/en/dev/releases/3.0.1/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 bd2aebfa7c1106755544f7f217d2acde Django-3.0.tar.gz
-sha256 d98c9b6e5eed147bc51f47c014ff6826bd1ab50b166956776ee13db5a58804ae Django-3.0.tar.gz
+md5 12f434ed7ccd6ee57be6f05a45e20e97 Django-3.0.1.tar.gz
+sha256 315b11ea265dd15348d47f2cbb044ef71da2018f6e582fed875c889758e6f844 Django-3.0.1.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
#
################################################################################
-PYTHON_DJANGO_VERSION = 3.0
+PYTHON_DJANGO_VERSION = 3.0.1
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/f8/46/b3b8c61f867827fff2305db40659495dcd64fb35c399e75c53f23c113871
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/44/e8/4ae9ef3d455f4ce5aa22259cb6e40c69b29ef6b02d49c5cdfa265f7fc821
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_SETUP_TYPE = setuptools
projects / buildroot.git / commitdiff