From 11f8c11dfb61f1efa92d80de2d5ee915d73ff656 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 20 Mar 2023 18:13:31 +0100 Subject: [PATCH] package/python-web2py: security bump to version 2.23.1 Fix CVE-2023-22432: Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. https://github.com/web2py/web2py/compare/v2.23.0...v2.23.1 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/python-web2py/python-web2py.hash | 2 +- package/python-web2py/python-web2py.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/python-web2py/python-web2py.hash b/package/python-web2py/python-web2py.hash index a853497768..c0ce0cc352 100644 --- a/package/python-web2py/python-web2py.hash +++ b/package/python-web2py/python-web2py.hash @@ -1,3 +1,3 @@ # sha256 locally computed -sha256 356f88b671e2bcdd9c89df526ee063ee9d6f4f57b60182ec2684adddcc426e99 python-web2py-2.23.0.tar.gz +sha256 f4066d76290b333bc1bb1cf4c23b612eebde712b7112e90a72e7609a14690d2c python-web2py-2.23.1.tar.gz sha256 2aae96826184a492bc799add49aed7b29036e7aba2d2294fb65053bd30fe55fe LICENSE diff --git a/package/python-web2py/python-web2py.mk b/package/python-web2py/python-web2py.mk index 4425b09d12..2a666cae17 100644 --- a/package/python-web2py/python-web2py.mk +++ b/package/python-web2py/python-web2py.mk @@ -4,7 +4,7 @@ # ################################################################################ -PYTHON_WEB2PY_VERSION = 2.23.0 +PYTHON_WEB2PY_VERSION = 2.23.1 PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,v$(PYTHON_WEB2PY_VERSION)) PYTHON_WEB2PY_LICENSE = LGPL-3.0 PYTHON_WEB2PY_LICENSE_FILES = LICENSE