* [Buildroot] [PATCH] package/python-django: security bump to v6.0.6
@ 2026-06-12 9:08 Titouan Christophe via buildroot
2026-06-12 16:50 ` Julien Olivain via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Titouan Christophe via buildroot @ 2026-06-12 9:08 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Manuel Diener, Oli Vogt, Marcus Hoffmann
See the release notes:
https://docs.djangoproject.com/en/6.0/releases/6.0.6/
This fixes the following vulnerabilities:
- CVE-2026-6873 : Signed cookie salt namespace collision
- CVE-2026-7666 : Potential unencrypted email transmission via STARTTLS
in the SMTP backend
- CVE-2026-8404 : Potential exposure of private data via case-sensitive
Cache-Control directives
- CVE-2026-35193: Potential exposure of private data via missing
Vary: Authorization
- CVE-2026-48587: Potential exposure of private data via whitespace padding
in Vary header
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index 5af043f2c2..993b7b0d68 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,6 +1,6 @@
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 44c18a8f264c1326e6fe4f1053fea5fc django-6.0.5.tar.gz
-sha256 bc6d6872e98a2864c836e42edd644b362db311147dd5aa8d5b82ba7a032f5269 django-6.0.5.tar.gz
+md5 b45e074d29f85e1417fb2d2ea97c2df3 django-6.0.6.tar.gz
+sha256 ad03916ba59523d781ae5c3f631960c23d69a9d9c43cecda52fc23b47e953713 django-6.0.6.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
sha256 be30dc0e3f7010af6c453d205feaece1f89494789b6e92f0c255ef597a1e6864 django/contrib/gis/measure.py
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index fe88128e24..764e72084c 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 6.0.5
+PYTHON_DJANGO_VERSION = 6.0.6
PYTHON_DJANGO_SOURCE = django-$(PYTHON_DJANGO_VERSION).tar.gz
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/source/d/django
PYTHON_DJANGO_LICENSE = BSD-3-Clause, MIT (jquery, utils/archive.py), BSD-2-Clause (inlines.js), CC-BY-4.0 (admin svg files)
--
2.54.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-12 16:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-12 9:08 [Buildroot] [PATCH] package/python-django: security bump to v6.0.6 Titouan Christophe via buildroot
2026-06-12 16:50 ` Julien Olivain via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox