3e4f6e1b20
Fix CVE-2022-34265: An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. https://www.djangoproject.com/weblog/2022/jul/04/security-releases Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 lines
324 B
Plaintext
6 lines
324 B
Plaintext
# md5, sha256 from https://pypi.org/pypi/django/json
|
|
md5 ad4e850c7110a45a6c7778d5bd01b85e Django-4.0.6.tar.gz
|
|
sha256 a67a793ff6827fd373555537dca0da293a63a316fe34cb7f367f898ccca3c3ae Django-4.0.6.tar.gz
|
|
# Locally computed sha256 checksums
|
|
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
|