[Buildroot] [PATCH] python-django: security bump to version 1.11.15
Peter Korsgaard
peter at korsgaard.com
Fri Aug 17 16:57:58 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Bump to the latest release of the 1.11.x LTS series as 1.10.x is no longer
> supported upstream:
> https://www.djangoproject.com/download/
> Fixes the following security issues:
> - CVE-2017-12794: Possible XSS in traceback section of technical 500 debug
> page (1.11.5)
> - CVE-2018-6188: Information leakage in AuthenticationForm (1.11.10)
> - CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc
> template filters (1.11.11)
> - CVE-2018-7537: Denial-of-service possibility in truncatechars_html and
> truncatewords_html template filters (1.11.11)
> - CVE-2018-14574: Open redirect possibility in CommonMiddleware (1.11.15)
> Also add a hash for the license file.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard