Subject: CVS commit: pkgsrc/www/py-django
From: Adam Ciarcinski
Date: 2018-08-02 16:02:21
Message id: 20180802140221.70054FBEC@cvs.NetBSD.org

Log Message:
py-django: updated to 1.11.5

1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware

If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if \ 
the project has a URL pattern that accepts any path ending in a slash (many \ 
content management systems have such a pattern), then a request to a maliciously \ 
crafted URL of that site could lead to a redirect to another site, enabling \ 
phishing and other attacks.

CommonMiddleware now escapes leading slashes to prevent redirects to other domains.

Files:
RevisionActionfile
1.101modifypkgsrc/www/py-django/Makefile
1.80modifypkgsrc/www/py-django/distinfo