Subject: CVS commit: pkgsrc/www/py-django3
From: Adam Ciarcinski
Date: 2021-02-05 08:55:02
Message id: 20210205075502.790CBFA95@cvs.NetBSD.org

Log Message:
py-django3: updated to 3.1.6

Django 3.1.6 fixes a security issue with severity “low” and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and \ 
startproject --template, allowed directory-traversal via an archive with \ 
absolute paths or relative paths with dot segments.

Bugfixes

Fixed an admin layout issue in Django 3.1 where changelist filter controls would \ 
become squashed

Files:
RevisionActionfile
1.12modifypkgsrc/www/py-django3/Makefile
1.12modifypkgsrc/www/py-django3/distinfo