pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/py-django2 py-django2: updated to 2.2.21



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d7dd4c2e276a
branches:  trunk
changeset: 452041:d7dd4c2e276a
user:      adam <adam%pkgsrc.org@localhost>
date:      Wed May 05 07:04:18 2021 +0000

description:
py-django2: updated to 2.2.21

Django 2.2.21 fixes a security issue in 2.2.20.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.

Django 2.2.20
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
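
The kind of check the release notes above describe (refusing empty file names and paths that contain dot segments), as an added Python example that is not part of this commit and is not Django's own code. The function names, the `REJECTED` marker and the sample names are hypothetical and constructed for illustration.

```python
from pathlib import PureWindowsPath

DOT_SEGMENTS = {"", ".", ".."}  # empty names and dot segments are refused


class SuspiciousFileName(ValueError):
    """A client-supplied upload name or storage path was rejected."""


def sanitize_basename(raw_name: str) -> str:
    """Reduce a client-supplied file name to a bare basename, or raise."""
    if "\x00" in raw_name:
        raise SuspiciousFileName("NUL byte in file name")
    # Treat "\" like "/" so Windows-style directories are stripped as well.
    name = raw_name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if name in DOT_SEGMENTS:
        raise SuspiciousFileName(f"unusable file name: {raw_name!r}")
    return name


def validate_relative_path(raw_path: str) -> str:
    """Accept a storage-relative path only if no segment can climb or re-root it."""
    path = raw_path.replace("\\", "/")
    if "\x00" in path or path.startswith("/") or PureWindowsPath(path).drive:
        raise SuspiciousFileName(f"absolute or malformed path: {raw_path!r}")
    if any(segment in DOT_SEGMENTS for segment in path.split("/")):
        raise SuspiciousFileName(f"dot or empty segment in path: {raw_path!r}")
    return path


def check(func, value):
    """Return the sanitized value, or the string 'REJECTED' (for the demo table)."""
    try:
        return func(value)
    except SuspiciousFileName:
        return "REJECTED"


# Constructed sample names, not taken from the advisory.
SAMPLES = ["report.pdf", "../../etc/passwd", "..\\..\\boot.ini", "..", "", "uploads/"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:22} basename={check(sanitize_basename, sample)!r:14} "
              f"path={check(validate_relative_path, sample)!r}")
```

The basename helper strips directory components and then refuses what is left if it is empty or a dot segment; the path helper refuses outright rather than trying to normalise, which is the safer default for a name that will be joined to a storage root.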

diffstat:

 www/py-django2/Makefile |   4 ++--
 www/py-django2/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 179ed7074684 -r d7dd4c2e276a www/py-django2/Makefile
--- a/www/py-django2/Makefile   Wed May 05 06:27:45 2021 +0000
+++ b/www/py-django2/Makefile   Wed May 05 07:04:18 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2021/03/01 12:44:07 adam Exp $
+# $NetBSD: Makefile,v 1.34 2021/05/05 07:04:18 adam Exp $
 
-DISTNAME=      Django-2.2.19
+DISTNAME=      Django-2.2.21
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME:tl}
 CATEGORIES=    www python
 MASTER_SITES=  https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/
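Review bot: The DISTNAME line goes from Django-2.2.19 directly to Django-2.2.21, so this one bump delivers both CVE-2021-28658 (fixed in 2.2.20) and CVE-2021-31542, while the summary line names only the version. Suggest naming both CVE identifiers, or at least marking the commit as a security update, in the summary line so the fix can be found from the one-line log.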
diff -r 179ed7074684 -r d7dd4c2e276a www/py-django2/distinfo
--- a/www/py-django2/distinfo   Wed May 05 06:27:45 2021 +0000
+++ b/www/py-django2/distinfo   Wed May 05 07:04:18 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.31 2021/03/01 12:44:07 adam Exp $
+$NetBSD: distinfo,v 1.32 2021/05/05 07:04:18 adam Exp $
 
-SHA1 (Django-2.2.19.tar.gz) = 7aef80dd858d268cc7dc15e8f3b5a43a5252edda
-RMD160 (Django-2.2.19.tar.gz) = 92fe0035ec141c915a5e06319a2f85755f7938e4
-SHA512 (Django-2.2.19.tar.gz) = 92f2200f147766349526d21b5240307e4f082f97fc5b80b55777330068a9da5eaa9941360ccdd729573d015d9a7a0430461f1ac61f749a0475c006981d8775ea
-Size (Django-2.2.19.tar.gz) = 9209434 bytes
+SHA1 (Django-2.2.21.tar.gz) = 203abbd4ab8dd336a5e1cfcacf2e481ac5a29979
+RMD160 (Django-2.2.21.tar.gz) = d2f9cf28cd455cd4c5b833757e19a7f101eaf4f6
+SHA512 (Django-2.2.21.tar.gz) = 37d1f58c23907792e49c827fe1efe4345fd5d74ca85b44d1f492d45c9f4f7cc9ebfbd59dc6a142bb24b666fb89e2ee62a3bc3e2242cd25d5c1e801a3f07a2589
+Size (Django-2.2.21.tar.gz) = 9209871 bytes
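Review bot: All four distinfo entries for Django-2.2.21.tar.gz are replaced together, and nothing in the hunk or the commit message records how the new values were cross-checked. These lines are what pins the tarball fetched from MASTER_SITES, so compare the SHA512 line against the checksum upstream publishes for the release before relying on it. The size change from 9209434 to 9209871 bytes is small, which is consistent with a patch-level release.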


