NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6354a7a29d
kumquat-buildroot/package/python-django/python-django.hash
Peter Korsgaard 87b8676fbf package/python-django: security bump to version 4.0.4 
Fixes the following security issues:

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
injection in column aliases, using a suitably crafted dictionary, with
dictionary expansion, as the **kwargs passed to these methods.

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL

QuerySet.explain() method was subject to SQL injection in option names,
using a suitably crafted dictionary, with dictionary expansion, as the
**options argument.

For more details, see the advisory:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-16 15:44:30 +02:00

6 lines
324 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 153fcb5dd7360b7ad219d65cb53e2d57 Django-4.0.4.tar.gz
sha256 4e8177858524417563cc0430f29ea249946d831eacb0068a1455686587df40b5 Django-4.0.4.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in New Issue View Git Blame Copy Permalink