Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2020-06-03 17:28:38
Message id: 20200603152838.6DBCDFB27@cvs.NetBSD.org
Log Message:
py-django2: updated to 2.2.13
Django 2.2.13 fixes two security issues and a regression in 2.2.12.
CVE-2020-13254: Potential data leakage via malformed memcached keys
In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability, key validation is added to the memcached cache backends.
CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget
Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures query parameters are correctly URL encoded.
Bugfixes
Fixed a regression in Django 2.2.12 that affected translation loading for apps providing translations for territorial language variants as well as a generic language, where the project has different plural equations for the language.
Tracking a jQuery security release, upgraded the version of jQuery used by the admin from 3.3.1 to 3.5.1.
Files:
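The kind of key validation the CVE-2020-13254 entry above refers to, as an added example that is not code from Django or pkgsrc: it checks a key against the constraints of memcached's text protocol (at most 250 bytes, no whitespace or control characters) and shows one way to derive a safe key from untrusted input by hashing it. The names `key_problems` and `safe_key` and the sample keys are hypothetical, constructed for illustration.

```python
import hashlib

# memcached rejects keys longer than 250 bytes.
MEMCACHE_MAX_KEY_LENGTH = 250


def key_problems(key: str) -> list:
    """Return the reasons a key is unsafe for memcached (empty list means OK)."""
    problems = []
    if len(key.encode("utf-8")) > MEMCACHE_MAX_KEY_LENGTH:
        problems.append(f"longer than {MEMCACHE_MAX_KEY_LENGTH} bytes")
    # Spaces separate tokens and CR/LF ends a command in the text protocol,
    # so a key containing them is no longer parsed as one key by the server.
    bad = sorted({c for c in key if ord(c) < 33 or ord(c) == 127})
    if bad:
        shown = ", ".join(repr(c) for c in bad)
        problems.append(f"contains whitespace/control characters: {shown}")
    return problems


def safe_key(prefix: str, version: int, untrusted: str) -> str:
    """Build a cache key from untrusted input without passing it through raw.

    Hashing gives a fixed-length, hex-only component, so distinct inputs map
    to distinct keys and no delimiter characters can reach the server.
    """
    digest = hashlib.sha256(untrusted.encode("utf-8")).hexdigest()
    key = f"{prefix}:{version}:{digest}"
    problems = key_problems(key)  # the prefix itself may still be malformed
    if problems:
        raise ValueError(f"invalid cache key {key!r}: {'; '.join(problems)}")
    return key


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real application.
    for sample in ["session:alice", "session:alice other", "a\r\nb", "k" * 251]:
        print(repr(sample[:30]), "->", key_problems(sample) or "ok")
    print(safe_key("session", 1, "alice other"))
```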