pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/www/py-django
From: Adam Ciarcinski
Date: 2016-07-19 09:32:42
Message id: 20160719073242.8CA91FBB5@cvs.NetBSD.org

Log Message:
Django 1.9.8 fixes a security issue and several bugs in 1.9.7.

Unsafe usage of JavaScriptâs Element.innerHTML could result in XSS in the \ 
adminâs add/change related popup. Element.textContent is now used to \ 
prevent execution of the data.

The debug view also used innerHTML. Although a security issue wasnât \ 
identified there, out of an abundance of caution itâs also updated to use \ 
textContent.

Bugfixes:

* Fixed missing varchar/text_pattern_ops index on CharField and TextField \ 
respectively when using AddField on PostgreSQL.
* Fixed makemessages crash on Python 2 with non-ASCII file names.

Files:

Revision	Action	file
1.74	modify	pkgsrc/www/py-django/Makefile
1.40	modify	pkgsrc/www/py-django/PLIST
1.57	modify	pkgsrc/www/py-django/distinfo