[Buildroot] [PATCH] package/python-django: security bump to version 3.0.3

Peter Korsgaard peter at korsgaard.com
Sat Mar 7 20:53:47 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2020-7471: Potential SQL injection via StringAgg(delimiter)
 >   django.contrib.postgres.aggregates.StringAgg aggregation function was
 >   subject to SQL injection, using a suitably crafted delimiter.

 > For more details, see the advisory:
 > https://www.djangoproject.com/weblog/2020/feb/03/security-releases/

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

For 2019.02.x and 2019.11.x I have instead bumped to 2.2.11, which
contains the same fixes as in 3.0.3 and 3.0.4.

-- 
Bye, Peter Korsgaard

