./www/py-django3, Django, a high-level Python Web framework


Branch: CURRENT, Version: 3.2.25, Package name: py311-django-3.2.25, Maintainer: pkgsrc-users

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.


Required to run:
[devel/py-setuptools] [time/py-pytz] [databases/py-sqlparse] [www/py-asgiref] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 9605.797 KB


CVS history:


   2024-03-04 16:47:29 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.25

Django 3.2.25 fixes a security issue with severity “moderate” and a regression in 3.2.24.

CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words()

django.utils.text.Truncator.words() method (with html=True) and truncatewords_html template filter were subject to a potential regular expression denial-of-service attack using a suitably crafted string (follow up to CVE-2019-14232 and CVE-2023-43665).

Bugfixes

Fixed a regression in Django 3.2.24 where intcomma template filter could return a leading comma for string representation of floats.
   2024-02-09 11:34:29 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Replace databases/py-mysqldb with databases/py-mysqlclient
   2024-02-08 23:46:48 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-django3: updated to 3.2.24

Django 3.2.24 fixes a security issue with severity “moderate” in 3.2.23.

CVE-2024-24680: Potential denial-of-service in intcomma template filter

The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
   2023-11-01 21:17:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.23

Django 3.2.23

CVE-2023-46695: Potential denial of service vulnerability in UsernameField on Windows
   2023-10-04 22:13:51 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.22

Django 3.2.22 fixes a security issue with severity “moderate” in 3.2.21.

CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator

Following the fix for CVE-2019-14232, the regular expressions used in the implementation of django.utils.text.Truncator’s chars() and words() methods (with html=True) were revised and improved. However, these regular expressions still exhibited linear backtracking complexity, so when given a very long, potentially malformed HTML input, the evaluation would still be slow, leading to a potential denial of service vulnerability.

The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus also vulnerable.

The input processed by Truncator, when operating in HTML mode, has been limited to the first five million characters in order to avoid potential performance and memory issues.
   2023-09-13 11:58:30 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.21

Django 3.2.21 fixes a security issue with severity “moderate” in 3.2.20.

CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()
   2023-08-04 07:22:05 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.20

Django 3.2.20 fixes a security issue with severity “moderate” in 3.2.19.

CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

EmailValidator and URLValidator were subject to potential regular expression denial of service attack via a very large number of domain name labels of emails and URLs.
   2023-05-10 11:01:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-django3: updated to 3.2.19

Django 3.2.19

CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field