Navigation:
Browse pkgsrc
(this page)
www py-djang..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2020-03-12 17:22:38 by Adam Ciarcinski | Files touched by this commit (2) |  |
Log message: py-django: updated to 1.11.29 Django 1.11.29 fixes a security issue in 1.11.28. CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions \ and aggregates on Oracle GIS functions and aggregates on Oracle were subject to SQL injection, using a \ suitably crafted tolerance. |
| 2020-02-04 18:23:11 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.28 Django 1.11.28 fixes a security issue: CVE-2020-7471: Potential SQL injection via StringAgg(delimiter) StringAgg aggregation function was subject to SQL injection, using a suitably \ crafted delimiter. |
| 2019-12-19 14:39:50 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.27 Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26. CVE-2019-19844: Potential account hijack via password reset form By submitting a suitably crafted email address making use of Unicode characters, \ that compared equal to an existing user email when lower-cased for comparison, \ an attacker could be sent a password reset token for the matched account. In order to avoid this vulnerability, password reset requests now compare the \ submitted email using the stricter, recommended algorithm for case-insensitive \ comparison of two identifiers from Unicode Technical Report 36, section \ 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to \ the email address on record rather than the submitted address. Bugfixes * Fixed a data loss possibility in SplitArrayField. When using with \ ArrayField(BooleanField()), all values after the first True value were marked as \ checked instead of preserving passed values |
| 2019-11-05 08:40:16 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.26 Django 1.11.26: Fixed a crash when using a contains, contained_by, has_key, has_keys, or \ has_any_keys lookup on JSONField, if the right or left hand side of an \ expression is a key transform. |
| 2019-10-01 19:56:03 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.25 Django 1.11.25: Fixed a crash when filtering with a Subquery() annotation of a queryset \ containing JSONField or HStoreField |
| 2019-09-04 10:31:06 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.24 Django 1.11.24 fixes a regression in 1.11.23. Bugfixes Fixed crash of KeyTransform() for JSONField and HStoreField when using on \ expressions with params |
| 2019-08-06 11:30:46 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.23 Django 1.11.23: * CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator * CVE-2019-14233: Denial-of-service possibility in strip_tags() * CVE-2019-14234: SQL injection possibility in key and index lookups for \ JSONField/HStoreField * CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() |
| 2019-07-01 20:23:53 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-django: updated to 1.11.22 Django 1.11.22: Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS |
New packages: