Navigation:
Browse pkgsrc
(this page) 2022-09-14 12:00:40 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message: py-django3: updated to 3.2.15 Django 3.2.15 fixes a security issue with severity “high” CVE-2022-36359: Potential reflected file download vulnerability in FileResponse¶ An application may have been vulnerable to a reflected file download (RFD) \ attack that sets the Content-Disposition header of a FileResponse when the \ filename was derived from user-supplied input. The filename is now escaped to \ avoid this possibility. |
| 2022-04-20 14:29:47 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.2.13 Django 3.2.13 fixes two security issues with severity “high” in 3.2.12 and a \ regression in 3.2.4. CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and \ extra() QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL \ injection in column aliases, using a suitably crafted dictionary, with \ dictionary expansion, as the **kwargs passed to these methods. CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL QuerySet.explain() method was subject to SQL injection in option names, using a \ suitably crafted dictionary, with dictionary expansion, as the **options \ argument. Bugfixes Fixed a regression in Django 3.2.4 that caused the auto-reloader to no longer \ detect changes when the DIRS option of the TEMPLATES setting contained an empty \ string |
| 2022-02-02 11:23:41 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-django3: updated to 3.2.12
Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.
CVE-2022-22818: Possible XSS via {% debug %} template tag
CVE-2022-23833: Denial-of-service possibility in file uploads
|
| 2022-01-19 10:51:25 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.2.11 Django 3.2.11 fixes one security issue with severity “medium” and two \ security issues with severity “low” in 3.2.10. - CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator - CVE-2021-45116: Potential information disclosure in dictsort template filter - CVE-2021-45452: Potential directory-traversal via Storage.save() |
| 2022-01-05 16:51:59 by Thomas Klausner | Files touched by this commit (4) |
Log message: py-django*: switch to USE_PKG_RESOURCES |
| 2022-01-05 11:09:54 by Thomas Klausner | Files touched by this commit (4) |
Log message: py-django*: add dependency on py-setuptools These use pkg_resources. Noted by joerg. Bump PKGREVISION. |
| 2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message: *: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS |
| 2021-12-14 10:00:38 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.2.10 3.2.10: CVE-2021-44420: Potential bypass of an upstream access control based on URL paths¶ HTTP requests for URLs with trailing newlines could bypass an upstream access \ control based on URL paths. Bugfixes Fixed a regression in Django 3.2 that caused a crash of setUpTestData() with \ BinaryField on PostgreSQL, which is memoryview-backed |
| 2021-11-04 14:37:34 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django3: updated to 3.2.9 Django 3.2.9 fixes a bug in 3.2.8 and adds compatibility with Python 3.10. Bugfixes Fixed a bug in Django 3.2 that caused a migration crash on SQLite when altering \ a field with a functional index |
| 2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030) |
Log message: www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz |
New packages: