[Buildroot] [PATCH] package/python-django: security bump to version 3.0.14

Peter Korsgaard peter at korsgaard.com
Wed Apr 7 09:18:56 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > CVE-2021-28658: Potential directory-traversal via uploaded files

 > MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.

 > Built-in upload handlers were not affected by this vulnerability.

 > For more details, see the announcement:
 > https://www.djangoproject.com/weblog/2021/apr/06/security-releases/

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list