deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/python-django/python-django.hash
Peter Korsgaard 36d78abceb package/python-django: security bump to version 3.0.7 
Fixes the following security issues:

- CVE-2020-13254: Potential data leakage via malformed memcached keys

  In cases where a memcached backend does not perform key validation,
  passing malformed cache keys could result in a key collision, and
  potential data leakage.  In order to avoid this vulnerability, key
  validation is added to the memcached cache backends.

- CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget

  Query parameters for the admin ForeignKeyRawIdWidget were not properly URL
  encoded, posing an XSS attack vector.  ForeignKeyRawIdWidget now ensures
  query parameters are correctly URL encoded.

For details, see the announcement:
https://docs.djangoproject.com/en/dev/releases/3.0.7/

Additionally, 3.0.5..3.0.7 contains a number of non-security related
bugfixes.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-06-04 22:48:29 +02:00

6 lines
321 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 c3ac98d5503c671d316cf78ded3c9809 Django-3.0.7.tar.gz
sha256 5052b34b34b3425233c682e0e11d658fd6efd587d11335a0203d827224ada8f2 Django-3.0.7.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in a new issue View git blame Copy permalink