[Buildroot] [PATCH 1/1] package/python-django: security bump to version 3.2.4

Peter Korsgaard peter at korsgaard.com
Wed Jun 23 07:03:50 UTC 2021

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Django 3.2.4 fixes two security issues and several bugs in 3.2.3.
 > - CVE-2021-33203: Potential directory traversal via ``admindocs``
 > - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks
 >   since validators accepted leading zeros in IPv4 addresses

 > https://github.com/django/django/blob/3.2.4/docs/releases/3.2.4.txt

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list