[Buildroot] [PATCH] package/python-django: security bump to version 3.0.13
Peter Korsgaard
peter at korsgaard.com
Sat Feb 27 17:57:27 UTC 2021
On Fri, Feb 19, 2021 at 10:59 AM Peter Korsgaard <peter at korsgaard.com> wrote:
>
> Fixes the following security issue:
>
> - CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
>
> Django contains a copy of urllib.parse.parse_qsl() which was added to
> backport some security fixes. A further security fix has been issued
> recently such that parse_qsl() no longer allows using ; as a query
> parameter separator by default. Django now includes this fix. See
> bpo-42967 for further details.
>
> For more details, see the advisory:
> https://www.djangoproject.com/weblog/2021/feb/19/security-releases/
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2020.02.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard
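The separator change described in the commit message above, as an added example that is not part of the original post and is not Django's or CPython's code. The two hand-written parsers are simplified stand-ins (assumptions) for the old and new splitting rules, and the request targets are constructed; the check flags requests that two components using different rules would interpret differently.

```python
from urllib.parse import unquote_plus, urlsplit

def _pairs(query, split_semicolon):
    """Decode name/value pairs; optionally treat ';' as a separator too."""
    if split_semicolon:
        query = query.replace(";", "&")
    pairs = []
    for field in query.split("&"):
        if field:
            name, _, value = field.partition("=")
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs

def parse_legacy(query):
    # Stand-in for the old rule: '&' and ';' both separate parameters.
    return _pairs(query, split_semicolon=True)

def parse_fixed(query):
    # Stand-in for the new default: only '&' separates parameters.
    return _pairs(query, split_semicolon=False)

def is_ambiguous(query):
    """True when the two rules yield different parameters for one query."""
    return parse_legacy(query) != parse_fixed(query)

def flag_targets(targets):
    """Return the request targets whose query parses differently."""
    return [t for t in targets if is_ambiguous(urlsplit(t).query)]

# Constructed request targets, e.g. pulled from an access log.
SAMPLE_TARGETS = [
    "/search?q=django&page=2",
    "/search?q=django;page=2",
    "/search?q=a%3Bb&page=2",   # encoded ';' is data, not a separator
]

if __name__ == "__main__":
    for target in flag_targets(SAMPLE_TARGETS):
        query = urlsplit(target).query
        print(target, parse_legacy(query), parse_fixed(query))
```

Only a raw `;` in the query string produces a disagreement; a percent-encoded `%3B` decodes to the same value under both rules.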