public inbox for buildroot@busybox.net
* [Buildroot] [PATCH] package/python-django: security bump to 6.0.3
@ 2026-03-24  7:10 Manuel Diener
  2026-03-24 11:21 ` Julien Olivain via buildroot
  2026-04-03 10:28 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Manuel Diener @ 2026-03-24  7:10 UTC
  To: buildroot; +Cc: James Hilliard, Manuel Diener, Oli Vogt, Marcus Hoffmann

Fixes the following security issues:
CVE-2026-25673 (moderate): Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
CVE-2026-25674 (low): Potential incorrect permissions on newly created file system objects

See the release notes here:
https://docs.djangoproject.com/en/6.0/releases/6.0.3/

Signed-off-by: Manuel Diener <manuel.diener@oss.othermo.de>
---
 package/python-django/python-django.hash | 4 ++--
 package/python-django/python-django.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index f1ddcc7128..2722dd45f9 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,6 +1,6 @@
 # md5, sha256 from https://pypi.org/pypi/django/json
-md5  0836ceb8f1f4694f87f0a698c64bd00e  django-6.0.2.tar.gz
-sha256  3046a53b0e40d4b676c3b774c73411d7184ae2745fe8ce5e45c0f33d3ddb71a7  django-6.0.2.tar.gz
+md5  0bb395b518e2f2f17e1a936deb7ba74c  django-6.0.3.tar.gz
+sha256  90be765ee756af8a6cbd6693e56452404b5ad15294f4d5e40c0a55a0f4870fe1  django-6.0.3.tar.gz
 # Locally computed sha256 checksums
 sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
 sha256  de642dff9b1019c2c7209032fb94ea92060084efb0bc4238d81a2219e21c7382  django/contrib/gis/measure.py
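Review bot: the two replaced digest lines under the `# md5, sha256 from https://pypi.org/pypi/django/json` comment are taken from the same service that serves the tarball, so they pin the download but do not independently confirm it is the upstream release. Consider computing the sha256 of django-6.0.3.tar.gz locally and comparing it with a checksum published by the Django project before committing. The md5 line adds no integrity assurance beyond the sha256 line and could be dropped if the package's hash-file convention allows it.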
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 18871163d6..0cc68129ee 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 6.0.2
+PYTHON_DJANGO_VERSION = 6.0.3
 PYTHON_DJANGO_SOURCE = django-$(PYTHON_DJANGO_VERSION).tar.gz
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/26/3e/a1c4207c5dea4697b7a3387e26584919ba987d8f9320f59dc0b5c557a4eb
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/80/e1/894115c6bd70e2c8b66b0c40a3c367d83a5a48c034a4d904d31b62f7c53a
 PYTHON_DJANGO_LICENSE = BSD-3-Clause, MIT (jquery, utils/archive.py), BSD-2-Clause (inlines.js), CC-BY-4.0 (admin svg files)
 PYTHON_DJANGO_LICENSE_FILES = LICENSE \
 	django/contrib/gis/measure.py \
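Review bot: on the `PYTHON_DJANGO_SITE` line, the new files.pythonhosted.org path is an opaque per-release directory that nothing else in this patch ties to 6.0.3, so it has to be checked by hand against the sdist URL in the PyPI JSON named in the .hash file. A wrong path would only surface as a download failure or sha256 mismatch at build time, so it is worth stating in the commit message that the package was built, download included, with this change.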
-- 
2.53.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH] package/python-django: security bump to 6.0.3
  2026-03-24  7:10 [Buildroot] [PATCH] package/python-django: security bump to 6.0.3 Manuel Diener
@ 2026-03-24 11:21 ` Julien Olivain via buildroot
  2026-04-03 10:28 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-03-24 11:21 UTC
  To: Manuel Diener; +Cc: buildroot, James Hilliard, Oli Vogt, Marcus Hoffmann

On 24/03/2026 08:10, Manuel Diener wrote:
> Fixes the following security issues:
> CVE-2026-25673 (moderate): Potential denial-of-service vulnerability in 
> URLField via Unicode normalization on Windows
> CVE-2026-25674 (low): Potential incorrect permissions on newly created 
> file system objects
> 
> See the release notes here:
> https://docs.djangoproject.com/en/6.0/releases/6.0.3/
> 
> Signed-off-by: Manuel Diener <manuel.diener@oss.othermo.de>

Applied to master, thanks.

* Re: [Buildroot] [PATCH] package/python-django: security bump to 6.0.3
  2026-03-24  7:10 [Buildroot] [PATCH] package/python-django: security bump to 6.0.3 Manuel Diener
  2026-03-24 11:21 ` Julien Olivain via buildroot
@ 2026-04-03 10:28 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-04-03 10:28 UTC
  To: Manuel Diener; +Cc: Thomas Perale, buildroot

In reply to:
> Fixes the following security issues:
> CVE-2026-25673 (moderate): Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
> CVE-2026-25674 (low): Potential incorrect permissions on newly created file system objects
> 
> See the release notes here:
> https://docs.djangoproject.com/en/6.0/releases/6.0.3/
> 
> Signed-off-by: Manuel Diener <manuel.diener@oss.othermo.de>

Applied to 2026.02.x. Thanks

> ---
>  package/python-django/python-django.hash | 4 ++--
>  package/python-django/python-django.mk   | 4 ++--
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
> index f1ddcc7128..2722dd45f9 100644
> --- a/package/python-django/python-django.hash
> +++ b/package/python-django/python-django.hash
> @@ -1,6 +1,6 @@
>  # md5, sha256 from https://pypi.org/pypi/django/json
> -md5  0836ceb8f1f4694f87f0a698c64bd00e  django-6.0.2.tar.gz
> -sha256  3046a53b0e40d4b676c3b774c73411d7184ae2745fe8ce5e45c0f33d3ddb71a7  django-6.0.2.tar.gz
> +md5  0bb395b518e2f2f17e1a936deb7ba74c  django-6.0.3.tar.gz
> +sha256  90be765ee756af8a6cbd6693e56452404b5ad15294f4d5e40c0a55a0f4870fe1  django-6.0.3.tar.gz
>  # Locally computed sha256 checksums
>  sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
>  sha256  de642dff9b1019c2c7209032fb94ea92060084efb0bc4238d81a2219e21c7382  django/contrib/gis/measure.py
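Review bot: the unchanged context lines for `LICENSE` and `django/contrib/gis/measure.py` under `# Locally computed sha256 checksums` mean the patch asserts both license files are byte-identical between 6.0.2 and 6.0.3. Please confirm this against the extracted 6.0.3 tarball (for example with a legal-info build), since a changed license file would fail the hash check there rather than at review time.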
> diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
> index 18871163d6..0cc68129ee 100644
> --- a/package/python-django/python-django.mk
> +++ b/package/python-django/python-django.mk
> @@ -4,9 +4,9 @@
>  #
>  ################################################################################
>  
> -PYTHON_DJANGO_VERSION = 6.0.2
> +PYTHON_DJANGO_VERSION = 6.0.3
>  PYTHON_DJANGO_SOURCE = django-$(PYTHON_DJANGO_VERSION).tar.gz
> -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/26/3e/a1c4207c5dea4697b7a3387e26584919ba987d8f9320f59dc0b5c557a4eb
> +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/80/e1/894115c6bd70e2c8b66b0c40a3c367d83a5a48c034a4d904d31b62f7c53a
>  PYTHON_DJANGO_LICENSE = BSD-3-Clause, MIT (jquery, utils/archive.py), BSD-2-Clause (inlines.js), CC-BY-4.0 (admin svg files)
>  PYTHON_DJANGO_LICENSE_FILES = LICENSE \
>  	django/contrib/gis/measure.py \
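Review bot: for the 2026.02.x backport, the removed `PYTHON_DJANGO_VERSION = 6.0.2` and old `PYTHON_DJANGO_SITE` lines must match what that branch carries, otherwise this hunk will not apply as posted. If the stable branch were at a different Django version, the hash and site lines would need regenerating for that branch rather than cherry-picking this change.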
> -- 
> 2.53.0
> 
