dd4e09e0e4
Fix CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. https://www.djangoproject.com/weblog/2021/jul/01/security-releases https://docs.djangoproject.com/en/dev/releases/3.2.5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
18 lines
675 B
Makefile
18 lines
675 B
Makefile
################################################################################
|
|
#
|
|
# python-django
|
|
#
|
|
################################################################################
|
|
|
|
PYTHON_DJANGO_VERSION = 3.2.5
|
|
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
|
|
# The official Django site has an unpractical URL
|
|
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/95/3b/468fa33908feefac03c0a773bd73bb8a1ab1fb4ee06e9dd62d24981f4603
|
|
PYTHON_DJANGO_LICENSE = BSD-3-Clause
|
|
PYTHON_DJANGO_LICENSE_FILES = LICENSE
|
|
PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
|
|
PYTHON_DJANGO_CPE_ID_PRODUCT = django
|
|
PYTHON_DJANGO_SETUP_TYPE = setuptools
|
|
|
|
$(eval $(python-package))
|