From: Peter Korsgaard <peter@korsgaard.com>
To: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
Cc: Asaf Kahlon <asafka7@gmail.com>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
Oli Vogt <oli.vogt.pub01@gmail.com>
Subject: Re: [Buildroot] [PATCH] package/python-django: security bump to 4.1.10
Date: Thu, 14 Sep 2023 11:47:52 +0200 [thread overview]
Message-ID: <87a5tpxf07.fsf@48ers.dk> (raw)
In-Reply-To: <20230902221217.3577073-1-thomas.petazzoni@bootlin.com> (Thomas Petazzoni via buildroot's message of "Sun, 3 Sep 2023 00:12:17 +0200")
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> 4.1.9 is affected by CVE-2023-36053, and 4.1.10 was released to fix
> it. The changes between 4.1.9 and 4.1.10 are just:
> f9a14b8f0668029fb7e0aebcae57b60dcec4a529 (tag: 4.1.10) [4.1.x] Bumped version for 4.1.10 release.
> beb3f3d55940d9aa7198bf9d424ab74e873aec3d [4.1.x] Fixed CVE-2023-36053
> -- Prevented potential ReDoS in EmailValidator and URLValidator.
> 3b48fe413f91612fb8c43fe9d489860d10c84bf7 [4.1.x] Added stub release notes for 4.1.10 and 3.2.20.
> 0e5948b8df5d25deb48a505cbf16f010d9dc603c [4.1.x] Fixed
> MultipleFileFieldTest.test_file_multiple_validation() test if Pillow
> isn't installed.
> 66e1e9b006618ba00e804d18bd90d3a9e94801b3 [4.1.x] Added CVE-2023-31047 to security archive.
> d1385cc51b142b05b21b721d9d68fc461bc7241f [4.1.x] Post-release version bump.
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-09-14 9:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-02 22:12 [Buildroot] [PATCH] package/python-django: security bump to 4.1.10 Thomas Petazzoni via buildroot
2023-09-03 19:32 ` Peter Korsgaard
2023-09-14 9:47 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5tpxf07.fsf@48ers.dk \
--to=peter@korsgaard.com \
--cc=asafka7@gmail.com \
--cc=buildroot@buildroot.org \
--cc=oli.vogt.pub01@gmail.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox