* [layerindex-web][PATCH] requirements.txt: bump Django version to fix CVE-2019-19844
@ 2019-12-19 21:29 Paul Eggleton
  0 siblings, 0 replies; only message in thread
From: Paul Eggleton @ 2019-12-19 21:29 UTC (permalink / raw)
  To: yocto

Fixes a vulnerability in the password reset process due to
insufficiently stringent validation of unicode email addresses.

https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2019-19844

(The existing version specification would have selected the fixed
version of Django already for new installs, but bumping the minimum
ensures that it will be installed for upgrades with
./dockersetup.py -u as well.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 07d8495e..4ba53971 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ beautifulsoup4==4.8.1
 billiard==3.6.1.0
 celery==4.3.0
 confusable-homoglyphs==3.2.0
-Django>=1.11.24,<1.12
+Django>=1.11.27,<1.12
 django-appconf==1.0.3
 django-axes==4.5.4
 django-bootstrap-pagination==1.7.1
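Review bot: the Django line is the only ranged requirement in the visible hunk; the neighbouring entries (`billiard==3.6.1.0`, `celery==4.3.0`, `django-appconf==1.0.3`) are all exact `==` pins. If the intent is reproducible installs, consider `Django==1.11.27` to match the file's convention; if the range is deliberate so that later 1.11.x security releases are picked up automatically by `./dockersetup.py -u`, a short comment above the line saying so would save the next reader from "fixing" it. The change itself is correct as a fix for the stated issue: raising the floor to 1.11.27 while keeping `<1.12` stays on the 1.11 LTS series and guarantees the patched release on upgrade, as the commit message explains.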
-- 
2.20.1

