package/python-django: security bump to version 4.0.4
Fixes the following security issues: CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra() QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods. CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL QuerySet.explain() method was subject to SQL injection in option names, using a suitably crafted dictionary, with dictionary expansion, as the **options argument. For more details, see the advisory: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
607162a09c
commit
87b8676fbf
@ -1,5 +1,5 @@
|
|||||||
# md5, sha256 from https://pypi.org/pypi/django/json
|
# md5, sha256 from https://pypi.org/pypi/django/json
|
||||||
md5 a86339c0e87241597afa8744704d9965 Django-4.0.2.tar.gz
|
md5 153fcb5dd7360b7ad219d65cb53e2d57 Django-4.0.4.tar.gz
|
||||||
sha256 110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a Django-4.0.2.tar.gz
|
sha256 4e8177858524417563cc0430f29ea249946d831eacb0068a1455686587df40b5 Django-4.0.4.tar.gz
|
||||||
# Locally computed sha256 checksums
|
# Locally computed sha256 checksums
|
||||||
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
|
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
|
||||||
|
@ -4,10 +4,10 @@
|
|||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
PYTHON_DJANGO_VERSION = 4.0.2
|
PYTHON_DJANGO_VERSION = 4.0.4
|
||||||
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
|
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
|
||||||
# The official Django site has an unpractical URL
|
# The official Django site has an unpractical URL
|
||||||
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/61/84/676c840e8f1188a6c836e3224b97aa8be4c2e6857c690d6c564eb23a4975
|
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/d2/95/93d1f75da95624bf89e373d079fa72debf77f9b10acc31998cc52a5ff3f9
|
||||||
|
|
||||||
PYTHON_DJANGO_LICENSE = BSD-3-Clause
|
PYTHON_DJANGO_LICENSE = BSD-3-Clause
|
||||||
PYTHON_DJANGO_LICENSE_FILES = LICENSE
|
PYTHON_DJANGO_LICENSE_FILES = LICENSE
|
||||||
|
Loading…
Reference in New Issue
Block a user