[Buildroot] [PATCH 1/1] package/python-django: security bump to version 3.2.4
Peter Korsgaard
peter at korsgaard.com
Wed Jun 23 07:03:50 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Django 3.2.4 fixes two security issues and several bugs in 3.2.3.
> - CVE-2021-33203: Potential directory traversal via ``admindocs``
> - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
> since validators accepted leading zeros in IPv4 addresses
> https://github.com/django/django/blob/3.2.4/docs/releases/3.2.4.txt
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list