NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-django: security bump to version 4.0.4

Browse Source 
Fixes the following security issues:

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL

QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.

For more details, see the advisory:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2022-04-14 23:59:14 +02:00
parent 607162a09c
commit 87b8676fbf
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/python-django/python-django.hash
View File

@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json # md5, sha256 from https://pypi.org/pypi/django/json
md5 a86339c0e87241597afa8744704d9965 Django-4.0.2.tar.gz md5 153fcb5dd7360b7ad219d65cb53e2d57 Django-4.0.4.tar.gz
sha256 110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a Django-4.0.2.tar.gz sha256 4e8177858524417563cc0430f29ea249946d831eacb0068a1455686587df40b5 Django-4.0.4.tar.gz
# Locally computed sha256 checksums # Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE

4
package/python-django/python-django.mk
View File

@ -4,10 +4,10 @@
# #
################################################################################ ################################################################################
PYTHON_DJANGO_VERSION = 4.0.2 PYTHON_DJANGO_VERSION = 4.0.4
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL # The official Django site has an unpractical URL
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/61/84/676c840e8f1188a6c836e3224b97aa8be4c2e6857c690d6c564eb23a4975 PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/d2/95/93d1f75da95624bf89e373d079fa72debf77f9b10acc31998cc52a5ff3f9
PYTHON_DJANGO_LICENSE = BSD-3-Clause PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE PYTHON_DJANGO_LICENSE_FILES = LICENSE