package/python-web2py: security bump to version 2.26.1

Fix CVE-2023-45158: An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. https://jvn.jp/en/jp/JVN80476432 https://github.com/web2py/web2py/compare/v2.24.1...v2.26.1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-01 19:15:46 +01:00 · 2023-11-01 19:15:46 +01:00 · 30cb3d784c
commit 30cb3d784c
parent df74c56315
2 changed files with 2 additions and 2 deletions
--- a/package/python-web2py/python-web2py.hash
+++ b/package/python-web2py/python-web2py.hash
@ -1,3 +1,3 @@
 # sha256 locally computed
-sha256  db42d52097d43fa797c29f9ce1493d7356f192dd0c2590ec56f36022252c284b  python-web2py-2.24.1.tar.gz
+sha256  d5d79f6260ec9f53f90447ad59313a8fac0571fce0018aa5f6fcf95d28c04382  python-web2py-2.26.1.tar.gz
 sha256  2aae96826184a492bc799add49aed7b29036e7aba2d2294fb65053bd30fe55fe  LICENSE
--- a/package/python-web2py/python-web2py.mk
+++ b/package/python-web2py/python-web2py.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-PYTHON_WEB2PY_VERSION = 2.24.1
+PYTHON_WEB2PY_VERSION = 2.26.1
 PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,v$(PYTHON_WEB2PY_VERSION))
 PYTHON_WEB2PY_LICENSE = LGPL-3.0
 PYTHON_WEB2PY_LICENSE_FILES = LICENSE