projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0f4ec05)
package/python-django: security bump to version 3.0.14
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 6 Apr 2021 20:48:31 +0000 (22:48 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 7 Apr 2021 07:26:25 +0000 (09:26 +0200)
Fixes the following security issue:

CVE-2021-28658: Potential directory-traversal via uploaded files

MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

Built-in upload handlers were not affected by this vulnerability.

For more details, see the announcement:
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-django/python-django.hash patch | blob | history
package/python-django/python-django.mk patch | blob | history

diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index f40cfa8f3c89a4d7a2f77ee4659270b0ae4f03aa..1cc4b5ecc956c7718bbcf146e8ead6c6a0c283b0 100644 (file)
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/django/json
-md5  7020810fb65b17e82d22001883b63a12  Django-3.0.13.tar.gz
-sha256  6f13c3e8109236129c49d65a42fbf30c928e66b05ca6862246061b9343ecbaf2  Django-3.0.13.tar.gz
+md5  f444fdd6ff8edec132991cbc343368d4  Django-3.0.14.tar.gz
+sha256  d58d8394036db75a81896037d757357e79406e8f68816c3e8a28721c1d9d4c11  Django-3.0.14.tar.gz
 # Locally computed sha256 checksums
 sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 593b0c60439a7e1345102a36423bbb45b44771ad..cb8f5492d66df8a20921ff8f3860dc7db3ddc391 100644 (file)
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 3.0.13
+PYTHON_DJANGO_VERSION = 3.0.14
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 # The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/3b/fe/11ec9b4cbae447e7b90d551be035d55c1293973592b491540334452f1f1f
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/76/0e/5d847a77b7b42cacd01405b45e4e370124c1d8a15970865df5ab0f09f83a
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject