[Buildroot] [PATCH 1/1] package/python-django: security bump to version 5.1.8
Julien Olivain
ju.o at free.fr
Thu Apr 10 20:34:15 UTC 2025
On 10/04/2025 22:11, Thomas Perale via buildroot wrote:
> Fixes the following security issues:
>
> - CVE-2025-26699: Potential denial-of-service vulnerability in
> django.utils.text.wrap()
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2025-26699
> -
> https://github.com/django/django/commit/8dbb44d34271637099258391dfc79df33951b841
>
> - CVE-2025-27556: Potential denial-of-service vulnerability in
> LoginView, LogoutView, and set_language() on Windows
>
> This CVE isn't related to buildroot has it is only applicable on
> Windows but this package version bump fix it.
>
> For more information, see:
> - https://nvd.nist.gov/vuln/detail/CVE-2025-27556
> -
> https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8
>
> For more details on the version bump, see the release notes:
> - https://docs.djangoproject.com/en/5.1/releases/5.1.8/
> - https://docs.djangoproject.com/en/5.1/releases/5.1.7/
> - https://docs.djangoproject.com/en/5.1/releases/5.1.6/
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Applied to master, thanks.
More information about the buildroot
mailing list