[Buildroot] [PATCH 1/1] package/python-django: security bump to version 5.1.8

Arnout Vandecappelle arnout at rnout.be
Wed Apr 16 21:33:44 UTC 2025


On 10/04/2025 22:11, Thomas Perale via buildroot wrote:
> Fixes the following security issues:
>
> - CVE-2025-26699: Potential denial-of-service vulnerability in
>      django.utils.text.wrap()
>
> For more information, see:
>    - https://nvd.nist.gov/vuln/detail/CVE-2025-26699
>    - https://github.com/django/django/commit/8dbb44d34271637099258391dfc79df33951b841
>
> - CVE-2025-27556: Potential denial-of-service vulnerability in
>      LoginView, LogoutView, and set_language() on Windows
>
> This CVE isn't related to buildroot as it is only applicable on
> Windows, but this package version bump fixes it.
>
> For more information, see:
>    - https://nvd.nist.gov/vuln/detail/CVE-2025-27556
>    - https://github.com/django/django/commit/edc2716d01a6fdd84b173c02031695231bcee1f8
>
> For more details on the version bump, see the release notes:
>    - https://docs.djangoproject.com/en/5.1/releases/5.1.8/
>    - https://docs.djangoproject.com/en/5.1/releases/5.1.7/
>    - https://docs.djangoproject.com/en/5.1/releases/5.1.6/
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>

  Applied to 2025.02.x, thanks.

  Regards,
  Arnout

> ---
>   package/python-django/python-django.hash | 4 ++--
>   package/python-django/python-django.mk   | 4 ++--
>   2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
> index 6632246af8..1e197004d0 100644
> --- a/package/python-django/python-django.hash
> +++ b/package/python-django/python-django.hash
> @@ -1,5 +1,5 @@
>   # md5, sha256 from https://pypi.org/pypi/django/json
> -md5  272e951dbc4ccb7854c5a69aa5650749  Django-5.1.5.tar.gz
> -sha256  19bbca786df50b9eca23cee79d495facf55c8f5c54c529d9bf1fe7b5ea086af3  Django-5.1.5.tar.gz
> +md5  80247a8b48cdac55e5ad3fb682ab71a3  Django-5.1.8.tar.gz
> +sha256  42e92a1dd2810072bcc40a39a212b693f94406d0ba0749e68eb642f31dc770b4  Django-5.1.8.tar.gz
>   # Locally computed sha256 checksums
>   sha256  b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669  LICENSE
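
Review bot: The new md5 and sha256 entries for Django-5.1.8.tar.gz are, per the header comment, copied from https://pypi.org/pypi/django/json, which is the same index that serves the tarball, so they guard against a corrupted download but not against a tampered upstream. It would help to note in the commit message that the sha256 was also checked against a locally downloaded tarball. The md5 line adds nothing over the sha256 and could be dropped in a follow-up. The LICENSE hash is carried over unchanged as context, so please confirm it was re-verified against the LICENSE file shipped in 5.1.8.
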
> diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
> index 81d526ca35..b64d8e4cd1 100644
> --- a/package/python-django/python-django.mk
> +++ b/package/python-django/python-django.mk
> @@ -4,10 +4,10 @@
>   #
>   ################################################################################
>   
> -PYTHON_DJANGO_VERSION = 5.1.5
> +PYTHON_DJANGO_VERSION = 5.1.8
>   PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
>   # The official Django site has an unpractical URL
> -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/e4/17/834e3e08d590dcc27d4cc3c5cd4e2fb757b7a92bab9de8ee402455732952
> +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/00/40/45adc1b93435d1b418654a734b68351bb6ce0a0e5e37b2f0e9aeb1a2e233
>   PYTHON_DJANGO_LICENSE = BSD-3-Clause
>   PYTHON_DJANGO_LICENSE_FILES = LICENSE
>   PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
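
Review bot: On the PYTHON_DJANGO_SITE line, the files.pythonhosted.org directory changes by hand together with PYTHON_DJANGO_VERSION, and nothing in the .mk file ties the two together, so a stale or mistyped path is only caught by the sha256 in python-django.hash at download time. Please confirm that the new path serves Django-5.1.8.tar.gz and that the download matches the hash added in this patch. Separately, the bump goes from 5.1.5 to 5.1.8 and the commit message links three sets of release notes but names only two CVEs; stating which release fixes each one would make the security tracking for the 2025.02.x backport easier to audit.
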

