* [Buildroot] [PATCH] package/python-django: security bump to version 4.0.8
@ 2022-10-17 17:29 Peter Korsgaard
2022-10-17 21:13 ` Thomas Petazzoni via buildroot
From: Peter Korsgaard @ 2022-10-17 17:29 UTC (permalink / raw)
To: buildroot; +Cc: Oli Vogt, Asaf Kahlon
Fixes the following security issues:
- CVE-2022-36359: Potential reflected file download vulnerability in
FileResponse (4.0.7)
https://www.djangoproject.com/weblog/2022/aug/03/security-releases/
- CVE-2022-41323: Potential denial-of-service vulnerability in
internationalized URLs (4.0.8)
https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index bfc9219c7e..72adc30bb1 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 ad4e850c7110a45a6c7778d5bd01b85e Django-4.0.6.tar.gz
-sha256 a67a793ff6827fd373555537dca0da293a63a316fe34cb7f367f898ccca3c3ae Django-4.0.6.tar.gz
+md5 75ec07b3e00c79fd6e67fbee53786b7a Django-4.0.8.tar.gz
+sha256 07e6433f263c3839939cfabeb6d7557841e0419e47759a7b7d37f6d44d40adcb Django-4.0.8.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
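Review bot: The LICENSE sha256 on the last context line, under "# Locally computed sha256 checksums", is untouched by this bump, so it should be confirmed that the LICENSE file shipped in Django-4.0.8.tar.gz still hashes to that value rather than assuming it carried over from 4.0.6. Of the two new tarball entries, which the header comment attributes to https://pypi.org/pypi/django/json, only the sha256 line provides meaningful integrity assurance, so that is the one to cross-check against the upstream release metadata.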
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index d49c845d54..567d590f77 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 4.0.6
+PYTHON_DJANGO_VERSION = 4.0.8
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/a4/17/b10aa26d7a566a3c19e9d29fac39c8643cbceb6cd7649a378d676839b5db
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/1a/de/08d8a349ed0e3e1999eb86ae0347cc9eaf634cd65f1eb80b9387ac1dbe3c
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
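Review bot: The new PYTHON_DJANGO_SITE value is an opaque per-release path on files.pythonhosted.org that cannot be derived from PYTHON_DJANGO_VERSION, so nothing in this hunk shows that it belongs to 4.0.8. What ties the two together is that fetching Django-$(PYTHON_DJANGO_VERSION).tar.gz from that path yields a tarball matching the sha256 added in python-django.hash; please confirm the download was exercised against the updated hash file, since a stale path would otherwise only surface as a fetch failure or hash mismatch at build time.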
--
2.30.2