Subject: CVS commit: pkgsrc/www/py-django2
From: Adam Ciarcinski
Date: 2021-05-05 09:04:18
Message id: 20210505070418.C11F9FA95@cvs.NetBSD.org

Log Message:
py-django2: updated to t 2.2.21

Django 2.2.21 fixes a security issue in 2.2.20.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via \ 
uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now \ 
applied. Specifically, empty file names and paths with dot segments will be \ 
rejected.

Django 2.2.20
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably \ 
crafted file names.
Built-in upload handlers were not affected by this vulnerability.

Files:
RevisionActionfile
1.32modifypkgsrc/www/py-django2/distinfo
1.34modifypkgsrc/www/py-django2/Makefile