[Buildroot] [PATCH] package/python-django: security bump to version 2.1.7

Peter Korsgaard peter at korsgaard.com
Thu Feb 21 15:21:01 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

 > If django.utils.numberformat.format() – used by contrib.admin as well as
 > the floatformat, filesizeformat, and intcomma template filters – received a
 > Decimal with a large number of digits or a large exponent, it could lead to
 > significant memory usage due to a call to '{:f}'.format().

 > To avoid this, decimals with more than 200 digits are now formatted using
 > scientific notation.

 > https://docs.djangoproject.com/en/2.1/releases/2.1.6/

 > 2.1.6 contained a packaging error, fixed by 2.1.7:

 > https://docs.djangoproject.com/en/2.1/releases/2.1.7/

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2018.11.x, thanks.

For 2018.02.x I will instead use 1.11.20:

https://docs.djangoproject.com/en/2.1/releases/1.11.20/

-- 
Bye, Peter Korsgaard
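
The guard described in the quoted release note, sketched as an added example (not Django's code and not part of the original mail). The names MAX_DIGITS, expanded_length and safe_format are hypothetical, and counting "digits" as coefficient length plus absolute exponent is an assumption made here; only the 200 threshold comes from the note.

```python
from decimal import Decimal

MAX_DIGITS = 200  # threshold stated in the release note quoted above


def expanded_length(value: Decimal) -> int:
    """Estimate how many digits '{:f}' would write, without writing them.

    Assumption: coefficient digits plus the absolute exponent. Decimal("1e1000")
    stores one digit, but fixed-point output needs 1001 characters.
    """
    _, digits, exponent = value.as_tuple()
    return len(digits) + abs(exponent)


def safe_format(value: Decimal) -> str:
    """Fixed-point for small values, scientific notation above the limit."""
    if not value.is_finite():
        # NaN/Infinity carry a non-numeric exponent marker in as_tuple().
        return str(value)
    if expanded_length(value) > MAX_DIGITS:
        # '{:e}' output grows with the stored digits, not with the exponent.
        return "{:e}".format(value)
    return "{:f}".format(value)


if __name__ == "__main__":
    # Constructed sample inputs.
    for text in ("1234.5678", "1e199", "1e1000", "1e-1000", "NaN"):
        out = safe_format(Decimal(text))
        print(f"{text:>10} -> {len(out):4d} chars: {out[:40]}")
```

A value with more than 200 stored digits still produces output proportional to its own length; the check only stops a short input with a large exponent from expanding into a huge string.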


