Path to this page:
Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2021-02-05 08:52:37
Message id: 20210205075237.4D283FA95@cvs.NetBSD.org
Log Message:
py-django2: updated to 2.2.18
Django 2.2.18 fixes a security issue with severity “low” in 2.2.17.
CVE-2021-3281: Potential directory-traversal via archive.extract()
The django.utils.archive.extract() function, used by startapp --template and \
startproject --template, allowed directory-traversal via an archive with \
absolute paths or relative paths with dot segments.
Files: