pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/py-django2 py-django2: updated to 2.2.21
details: https://anonhg.NetBSD.org/pkgsrc/rev/d7dd4c2e276a
branches: trunk
changeset: 452041:d7dd4c2e276a
user: adam <adam%pkgsrc.org@localhost>
date: Wed May 05 07:04:18 2021 +0000
description:
py-django2: updated to 2.2.21
Django 2.2.21 fixes a security issue in 2.2.20.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
Django 2.2.20
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
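
The rule described in the log above (reduce to a basename, reject empty names and paths with dot segments), sketched as an added example; this is not Django's or pkgsrc's code. The names `SuspiciousFileName`, `safe_basename`, `safe_storage_path`, `classify` and the `/srv/media` root are assumptions made for illustration.

```python
import posixpath


class SuspiciousFileName(ValueError):
    """Client-supplied name failed validation (hypothetical exception name)."""


def safe_basename(client_name):
    """Reduce a client-supplied file name to a bare basename, or reject it."""
    # Treat backslashes as separators too, so the check does not depend on the server OS.
    name = posixpath.basename(client_name.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise SuspiciousFileName(f"rejected file name: {client_name!r}")
    return name


def safe_storage_path(upload_dir, relative_path):
    """Join relative_path under upload_dir, rejecting empty and dot segments."""
    segments = relative_path.replace("\\", "/").split("/")
    # An empty segment also covers "", absolute paths, "a//b" and a trailing "/".
    if any(seg in ("", ".", "..") for seg in segments):
        raise SuspiciousFileName(f"rejected path: {relative_path!r}")
    root = posixpath.normpath(upload_dir)
    target = posixpath.normpath(posixpath.join(root, *segments))
    # Defence in depth: the result must still sit below the upload root.
    if posixpath.commonpath([root, target]) != root:
        raise SuspiciousFileName(f"path escapes upload root: {relative_path!r}")
    return target


def classify(upload_dir, names):
    """Map each name to its stored path, or to 'REJECTED' if validation fails."""
    results = {}
    for name in names:
        try:
            results[name] = safe_storage_path(upload_dir, name)
        except SuspiciousFileName:
            results[name] = "REJECTED"
    return results


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    samples = ["avatars/u1.png", "", "avatars/../../settings.py", "./u1.png", "/etc/u1.png"]
    for name, outcome in classify("/srv/media", samples).items():
        print(f"{name!r:32} -> {outcome}")
```

Rejecting outright, rather than silently normalising the path, keeps a malformed name visible in logs instead of storing the file under a name the client never sent.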
diffstat:
www/py-django2/Makefile | 4 ++--
www/py-django2/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (27 lines):
diff -r 179ed7074684 -r d7dd4c2e276a www/py-django2/Makefile
--- a/www/py-django2/Makefile Wed May 05 06:27:45 2021 +0000
+++ b/www/py-django2/Makefile Wed May 05 07:04:18 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2021/03/01 12:44:07 adam Exp $
+# $NetBSD: Makefile,v 1.34 2021/05/05 07:04:18 adam Exp $
-DISTNAME= Django-2.2.19
+DISTNAME= Django-2.2.21
PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl}
CATEGORIES= www python
MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
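Review bot: DISTNAME moves from Django-2.2.19 straight to Django-2.2.21, so this single change carries two upstream security releases, yet the commit is on trunk only and nothing marks it for the stable branch. The log does name CVE-2021-28658 and CVE-2021-31542; I would add one line stating that the update covers both 2.2.20 and 2.2.21 and that a pull-up is requested, so the security nature of the bump is not lost in a routine-looking version change.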
diff -r 179ed7074684 -r d7dd4c2e276a www/py-django2/distinfo
--- a/www/py-django2/distinfo Wed May 05 06:27:45 2021 +0000
+++ b/www/py-django2/distinfo Wed May 05 07:04:18 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.31 2021/03/01 12:44:07 adam Exp $
+$NetBSD: distinfo,v 1.32 2021/05/05 07:04:18 adam Exp $
-SHA1 (Django-2.2.19.tar.gz) = 7aef80dd858d268cc7dc15e8f3b5a43a5252edda
-RMD160 (Django-2.2.19.tar.gz) = 92fe0035ec141c915a5e06319a2f85755f7938e4
-SHA512 (Django-2.2.19.tar.gz) = 92f2200f147766349526d21b5240307e4f082f97fc5b80b55777330068a9da5eaa9941360ccdd729573d015d9a7a0430461f1ac61f749a0475c006981d8775ea
-Size (Django-2.2.19.tar.gz) = 9209434 bytes
+SHA1 (Django-2.2.21.tar.gz) = 203abbd4ab8dd336a5e1cfcacf2e481ac5a29979
+RMD160 (Django-2.2.21.tar.gz) = d2f9cf28cd455cd4c5b833757e19a7f101eaf4f6
+SHA512 (Django-2.2.21.tar.gz) = 37d1f58c23907792e49c827fe1efe4345fd5d74ca85b44d1f492d45c9f4f7cc9ebfbd59dc6a142bb24b666fb89e2ee62a3bc3e2242cd25d5c1e801a3f07a2589
+Size (Django-2.2.21.tar.gz) = 9209871 bytes
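Review bot: the new SHA1, RMD160, SHA512 and Size lines for Django-2.2.21.tar.gz are the only integrity pin for the tarball fetched from MASTER_SITES, and the change does not say what they were checked against. Before committing a regenerated distinfo, please verify the downloaded tarball against the checksums or signature that upstream publishes for the release and mention that in the log; of the three digests recorded here, SHA512 is the one that carries the integrity guarantee, since SHA1 and RMD160 are the weaker ones.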