[Buildroot] [PATCH] package/python-django: security bump to version 3.0.12

Peter Korsgaard peter at korsgaard.com
Wed Feb 3 19:26:49 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2021-3281: Potential directory-traversal via archive.extract()

 > The django.utils.archive.extract() function, used by startapp --template and
 > startproject --template, allowed directory-traversal via an archive with
 > absolute paths or relative paths with dot segments.

 > For details, see the advisory:
 > https://www.djangoproject.com/weblog/2021/feb/01/security-releases/

 > Additionally, 3.0.11 fixed a regression:
 > https://docs.djangoproject.com/en/3.1/releases/3.0.11/

 > Update indentation in hash file (two spaces).

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard
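
A check of the kind the quoted commit message calls for, as an added example (not Django's patch and not Buildroot code): it lists tar members whose resolved target would fall outside the extraction directory, covering both absolute paths and relative paths with dot segments. The function names, the sample member names and the `/srv/project` destination are assumptions constructed for illustration.

```python
import io
import os
import tarfile


def unsafe_members(archive_bytes, dest):
    """Return names of tar members that would land outside dest."""
    dest_root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar.getmembers():
            # os.path.join discards dest_root when member.name is absolute,
            # and realpath collapses ".." segments, so both cases are caught.
            target = os.path.realpath(os.path.join(dest_root, member.name))
            if os.path.commonpath([dest_root, target]) != dest_root:
                bad.append(member.name)
    return bad


def build_sample_archive(names):
    """Constructed sample input: an in-memory tar with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed member names (hypothetical template archive contents).
SAMPLE_NAMES = [
    "app_template/models.py",        # normal template file
    "app_template/../../escape.py",  # relative path with dot segments
    "/tmp/absolute.py",              # absolute path
    "app_template/./views.py",       # harmless dot segment, stays inside
]

if __name__ == "__main__":
    archive = build_sample_archive(SAMPLE_NAMES)
    for name in unsafe_members(archive, "/srv/project"):
        print("refusing to extract:", name)
```

The check looks at member names only; symlink and hard-link members in an archive need separate handling.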


