Skip to content

Commit

Permalink
package/python-django: security bump to version 5.0.8
Browse files Browse the repository at this point in the history 
Django 5.0.7 fixes the following CVEs:

* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords
* CVE-2024-39330: Potential directory-traversal via Storage.save()
* CVE-2024-39614: Potential denial-of-service vulnerability in get_supported_language_variant()

Django 5.0.8 fixes the following CVEs:

* CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat()
* CVE-2024-41990: Potential denial-of-service vulnerability in django.utils.html.urlize()
* CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
* CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()

Further release Notes: https://docs.djangoproject.com/en/5.0/releases/

Signed-off-by: Marcus Hoffmann <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
  • Loading branch information
@tpetazzoni
Marcus Hoffmann authored and tpetazzoni committed Aug 7, 2024
1 parent ed863ca commit f777ce1
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions package/python-django/python-django.hash
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
md5 1009c48d70060cadb40000cc15a8058a Django-5.0.3.tar.gz
sha256 5fb37580dcf4a262f9258c1f4373819aacca906431f505e4688e37f3a99195df Django-5.0.3.tar.gz
md5 fb167eef987a98421cad62036868a1ca Django-5.0.8.tar.gz
sha256 ebe859c9da6fead9c9ee6dbfa4943b04f41342f4cea2c4d8c978ef0d10694f2b Django-5.0.8.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
4 changes: 2 additions & 2 deletions package/python-django/python-django.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
#
################################################################################

PYTHON_DJANGO_VERSION = 5.0.3
PYTHON_DJANGO_VERSION = 5.0.8
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/e1/b1/ac6a16aaf0049637b50afbcf06b8ec2fa5c6ce42d4ae6ba66bbaf4c3609a
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/79/1c/55733805bb735e26fee0430045efdb61df6fd704b6aebf2154875ef9e6a9
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
Expand Down

0 comments on commit f777ce1

Please sign in to comment.