Revisions of python-Django1
Gayane Osipyan (gosipyan)
accepted
request 1148933
from
Guang Yee (yeey)
(revision 18)
- Add CVE-2024-24680.patch (bsc#1219683, CVE-2024-24680)
Jan Zerebecki (jzerebecki)
accepted
request 1146262
from
Gayane Osipyan (gosipyan)
(revision 17)
- Add CVE-2023-43665.patch (bsc#1215978, CVE-2023-43665)
  * Denial-of-service possibility in django.utils.text.Truncator
- Add CVE-2023-41164.patch (bsc#1214667, CVE-2023-41164)
  * Potential denial of service vulnerability in django.utils.encoding.uri_to_iri()
- Add CVE-2023-36053.patch (bsc#1212742, CVE-2023-36053)
- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580, bsc#1208082) to prevent DOS in file uploads.
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt to avoid source_validator incorrectly trying to use it as a detached signature file for the sources tarball.
- Add CVE-2022-28346.patch (bsc#1198398, CVE-2022-28346)
  * Potential SQL injection in QuerySet.annotate(), aggregate() and extra()
- Add CVE-2022-34265.patch (bsc#1201186, CVE-2022-34265)
  * SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Jan Zerebecki (jzerebecki)
accepted
request 891341
from
Johannes Grassler (jgrassler)
(revision 15)
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
  * Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
Johannes Grassler (jgrassler)
committed
(revision 14)
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
  * Fixed potential directory-traversal via uploaded files
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Jeremy Moffitt (jeremy_moffitt)
accepted
request 873799
from
Johannes Grassler (jgrassler)
(revision 13)
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Johannes Grassler (jgrassler)
committed
(revision 12)
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
  * Fixes a potential directory traversal when extracting archives
Flávio Ramalho (flaviosr)
accepted
request 817883
from
Johannes Grassler (jgrassler)
(revision 11)
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
  * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
  * Pinned PyYAML < 5.3 in test requirements.
  * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
  * Fixed timezones tests for PyYAML 5.3+.
  * Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
  * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
  * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
  * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
  * Added patch CVE-2020-13254.patch
  * Added patch CVE-2020-13596.patch
Johannes Grassler (jgrassler)
accepted
request 811716
from
Johannes Grassler (jgrassler)
(revision 10)
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
  * Added patch CVE-2020-13254-1.8.19.patch
  * Added patch CVE-2020-13596-1.8.19.patch
Johannes Grassler (jgrassler)
accepted
request 734245
from
Jacek Tomasiak (jtomasiak)
(revision 9)
- Update to 1.11.24:
  * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
Dirk Mueller (dirkmueller)
committed
(revision 8)
- remove CVE-2019-12308.patch (merged upstream)
- Fix CVE-2019-12308 (bsc#1136468)
  * Added file CVE-2019-12308.patch.
  * Made AdminURLFieldWidget validate URL before rendering clickable link.
Dirk Mueller (dirkmueller)
committed
(revision 7)
- Update to 1.11.23:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Just security fixes
Dirk Mueller (dirkmueller)
committed
(revision 6)
- update to 1.11.22:
  * fix bnc#1136468 - CVE-2019-12308: AdminURLFieldWidget XSS
- update to 1.11.20 (bsc#1124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
Dirk Mueller (dirkmueller)
committed
(revision 5)
osc copypac from project:devel:languages:python:django package:python-Django1 revision:24, using expand
Dirk Mueller (dirkmueller)
committed
(revision 4)
- update to 1.11.20 (bsc#1124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
Dirk Mueller (dirkmueller)
accepted
request 664129
from
Keith Berger (kberger65)
(revision 3)
Fixed bug 1120932
Dirk Mueller (dirkmueller)
committed
(revision 2)
osc copypac from project:devel:languages:python:backports package:python-Django1 revision:1, using keep-link, using expand
Dirk Mueller (dirkmueller)
committed
(revision 1)
osc copypac from project:devel:languages:python:backports package:python-Django1 revision:1, using expand
Displaying all 18 revisions