From 30cb3d784c73d56e18eb294907b124053b2c37a0 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Wed, 1 Nov 2023 19:15:46 +0100 Subject: [PATCH] package/python-web2py: security bump to version 2.26.1 Fix CVE-2023-45158: An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. https://jvn.jp/en/jp/JVN80476432 https://github.com/web2py/web2py/compare/v2.24.1...v2.26.1 Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/python-web2py/python-web2py.hash | 2 +- package/python-web2py/python-web2py.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/python-web2py/python-web2py.hash b/package/python-web2py/python-web2py.hash index 03c71db8a5..1b4d8f5632 100644 --- a/package/python-web2py/python-web2py.hash +++ b/package/python-web2py/python-web2py.hash @@ -1,3 +1,3 @@ # sha256 locally computed -sha256 db42d52097d43fa797c29f9ce1493d7356f192dd0c2590ec56f36022252c284b python-web2py-2.24.1.tar.gz +sha256 d5d79f6260ec9f53f90447ad59313a8fac0571fce0018aa5f6fcf95d28c04382 python-web2py-2.26.1.tar.gz sha256 2aae96826184a492bc799add49aed7b29036e7aba2d2294fb65053bd30fe55fe LICENSE diff --git a/package/python-web2py/python-web2py.mk b/package/python-web2py/python-web2py.mk index 91c041f6f2..fe7774fc2b 100644 --- a/package/python-web2py/python-web2py.mk +++ b/package/python-web2py/python-web2py.mk @@ -4,7 +4,7 @@ # ################################################################################ -PYTHON_WEB2PY_VERSION = 2.24.1 +PYTHON_WEB2PY_VERSION = 2.26.1 PYTHON_WEB2PY_SITE = $(call github,web2py,web2py,v$(PYTHON_WEB2PY_VERSION)) PYTHON_WEB2PY_LICENSE = LGPL-3.0 PYTHON_WEB2PY_LICENSE_FILES = LICENSE