Path to this page:
Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2020-03-12 17:21:02
Message id: 20200312162102.769F3FB27@cvs.NetBSD.org
Log Message:
py-django2: updated to 2.2.11
Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.
CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \
and aggregates on Oracle
GIS functions and aggregates on Oracle were subject to SQL injection, using a \
suitably crafted tolerance.
Bugfixes
Fixed a data loss possibility in the select_for_update(). When using related \
fields or parent link fields with Multi-table inheritance in the of argument, \
the corresponding models were not locked
Files: