Revisions of python-Django1

Gayane Osipyan (gosipyan) accepted request 1148933 from Guang Yee (yeey) (revision 18)
- Add CVE-2024-24680.patch (bsc#1219683, CVE-2024-24680)
Jan Zerebecki (jzerebecki) accepted request 1146262 from Gayane Osipyan (gosipyan) (revision 17)
- Add CVE-2023-43665.patch (bsc#1215978, CVE-2023-43665)
  * Denial-of-service possibility in django.utils.text.Truncator

- Add CVE-2023-41164.patch (bsc#1214667, CVE-2023-41164)
    * Potential denial of service vulnerability
      in django.utils.encoding.uri_to_iri()

- Add CVE-2023-36053.patch (bsc#1212742, CVE-2023-36053)

- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
  bsc#1208082) to prevent DOS in file uploads.

- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
  to avoid source_validator incorrectly trying to use it as a detached
  signature file for the sources tarball.

- Add CVE-2022-28346.patch (bsc#1198398, CVE-2022-28346)
    * Potential SQL injection in QuerySet.annotate(), aggregate() and extra()
- Add CVE-2022-34265.patch (bsc#1201186, CVE-2022-34265)
    * SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Jan Zerebecki (jzerebecki) accepted request 891341 from Johannes Grassler (jgrassler) (revision 15)
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
    * Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file
      uploads.
Johannes Grassler (jgrassler) committed (revision 14)
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
  * Fixed potential directory-traversal via uploaded files

- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Jeremy Moffitt (jeremy_moffitt) accepted request 873799 from Johannes Grassler (jgrassler) (revision 13)
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Johannes Grassler (jgrassler) committed (revision 12)
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
  * Fixes a potential directory traversal when extracting archives
Flávio Ramalho (flaviosr) accepted request 817883 from Johannes Grassler (jgrassler) (revision 11)
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
  * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
  * Pinned PyYAML < 5.3 in test requirements.
  * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
  * Fixed timezones tests for PyYAML 5.3+.
  * Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
  * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
  * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
  * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.

  * Added patch CVE-2020-13254.patch
  * Added patch CVE-2020-13596.patch
Johannes Grassler (jgrassler) accepted request 811716 from Johannes Grassler (jgrassler) (revision 10)
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
  * Added patch CVE-2020-13254-1.8.19.patch
  * Added patch CVE-2020-13596-1.8.19.patch
Johannes Grassler (jgrassler) accepted request 734245 from Jacek Tomasiak (jtomasiak) (revision 9)
- Update to 1.11.24:
  * Fixed crash of KeyTransform() for JSONField and HStoreField when using
    on expressions with params (#30672).
Dirk Mueller (dirkmueller) committed (revision 8)
- remove CVE-2019-12308.patch (merged upstream)

- Fix CVE-2019-12308 (bsc#1136468)
  * Added file CVE-2019-12308.patch.
  * Made AdminURLFieldWidget validate URL before rendering clickable link.
Dirk Mueller (dirkmueller) committed (revision 7)
- Update to 1.11.23:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
    bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Just security fixes
Dirk Mueller (dirkmueller) committed (revision 6)
- update to 1.11.22:
  * fix bnc#1136468 - CVE-2019-12308: AdminURLFieldWidget XSS

- update to 1.11.20 (bsc#1124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
Dirk Mueller (dirkmueller) committed (revision 5)
osc copypac from project:devel:languages:python:django package:python-Django1 revision:24, using expand
Dirk Mueller (dirkmueller) committed (revision 4)
- update to 1.11.20 (bsc#1124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
Dirk Mueller (dirkmueller) committed (revision 2)
osc copypac from project:devel:languages:python:backports package:python-Django1 revision:1, using keep-link, using expand
Dirk Mueller (dirkmueller) committed (revision 1)
osc copypac from project:devel:languages:python:backports package:python-Django1 revision:1, using expand
Displaying all 18 revisions