NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
bb0db27065
kumquat-buildroot/package/python-django/python-django.hash
Peter Korsgaard 310d70cb08 package/python-django: security bump to version 5.0.10 
Fixes the following security issues:

CVE-2024-53907: Potential denial-of-service in
django.utils.html.strip_tags()

The strip_tags() method and striptags template filter are subject to a
potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.

CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle

Direct usage of the django.db.models.fields.json.HasKey lookup on Oracle is
subject to SQL injection if untrusted data is used as a lhs value.
Applications that use the jsonfield.has_key lookup through the __ syntax are
unaffected.

https://www.djangoproject.com/weblog/2024/dec/04/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-12-19 09:44:32 +01:00

6 lines
326 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 9e539af55750660a1095775fac910d1a Django-5.0.10.tar.gz
sha256 0f6cbc56cc298b0451d20a5120c6a8731e9073330fb5d84295c23c151a1eb300 Django-5.0.10.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in New Issue View Git Blame Copy Permalink