[Buildroot] [PATCH] package/python-django: security bump to version 3.0.4

Peter Korsgaard peter at korsgaard.com
Thu Mar 5 15:38:12 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security vulnerabilities:
 > - CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS
 >   functions and aggregates on Oracle.
 >   GIS functions and aggregates on Oracle were subject to SQL injection,
 >   using a suitably crafted tolerance.

 > For more details, see the advisory:
 > https://www.djangoproject.com/weblog/2020/mar/04/security-releases/

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list