Next | Query returned 41 messages, browsing 11 to 20 | Previous

History of commit frequency

CVS Commit History:


   2022-11-18 07:00:20 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.16

Django 3.2.16 fixes a security issue with severity “medium” in 3.2.15.

CVE-2022-41323: Potential denial-of-service vulnerability in internationalized URLs

Internationalized URLs were subject to potential denial of service attack via \ 
the locale parameter.
   2022-09-14 12:00:40 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.15

Django 3.2.15 fixes a security issue with severity “high”

CVE-2022-36359: Potential reflected file download vulnerability in FileResponse¶

An application may have been vulnerable to a reflected file download (RFD) \ 
attack that sets the Content-Disposition header of a FileResponse when the \ 
filename was derived from user-supplied input. The filename is now escaped to \ 
avoid this possibility.
   2022-04-20 14:29:47 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.13

Django 3.2.13 fixes two security issues with severity “high” in 3.2.12 and a \ 
regression in 3.2.4.

CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and \ 
extra()

QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL \ 
injection in column aliases, using a suitably crafted dictionary, with \ 
dictionary expansion, as the **kwargs passed to these methods.

CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL

QuerySet.explain() method was subject to SQL injection in option names, using a \ 
suitably crafted dictionary, with dictionary expansion, as the **options \ 
argument.

Bugfixes

Fixed a regression in Django 3.2.4 that caused the auto-reloader to no longer \ 
detect changes when the DIRS option of the TEMPLATES setting contained an empty \ 
string
   2022-02-02 11:23:41 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.12

Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.

CVE-2022-22818: Possible XSS via {% debug %} template tag

CVE-2022-23833: Denial-of-service possibility in file uploads
   2022-01-19 10:51:25 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.11

Django 3.2.11 fixes one security issue with severity “medium” and two \ 
security issues with severity “low” in 3.2.10.
- CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
- CVE-2021-45116: Potential information disclosure in dictsort template filter
- CVE-2021-45452: Potential directory-traversal via Storage.save()
   2022-01-05 16:51:59 by Thomas Klausner | Files touched by this commit (4)
Log message:
py-django*: switch to USE_PKG_RESOURCES
   2022-01-05 11:09:54 by Thomas Klausner | Files touched by this commit (4)
Log message:
py-django*: add dependency on py-setuptools

These use pkg_resources.

Noted by joerg.

Bump PKGREVISION.
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-12-14 10:00:38 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.10

3.2.10:

CVE-2021-44420: Potential bypass of an upstream access control based on URL paths¶

HTTP requests for URLs with trailing newlines could bypass an upstream access \ 
control based on URL paths.

Bugfixes

Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with \ 
BinaryField on PostgreSQL, which is memoryview-backed
   2021-11-04 14:37:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.9

Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10.

Bugfixes

Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering \ 
a field with a functional index

Next | Query returned 41 messages, browsing 11 to 20 | Previous