deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/python-django/python-django.hash
Peter Korsgaard eaefa775ed package/python-django: security bump to version 3.0.10 
Fixes the following security issues:

CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to
intermediate-level directories created in the process of uploading files and
to intermediate-level collected static directories when using the
collectstatic management command.

You should review and manually fix permissions on existing
intermediate-level directories.

CVE-2020-24584: Permission escalation in intermediate-level directories of
the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system cache
had the system’s standard umask rather than 0o077 (no group or others
permissions).

https://docs.djangoproject.com/en/dev/releases/3.0.10/

In addition, 3.0.8..10 contains a number of bugfixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-09-01 20:14:43 +02:00

6 lines
323 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 deec48e8713727e443a7cee6b54baaeb Django-3.0.10.tar.gz
sha256 2d14be521c3ae24960e5e83d4575e156a8c479a75c935224b671b1c6e66eddaf Django-3.0.10.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in a new issue View git blame Copy permalink