Request 720192: Incident python-Django - openSUSE Build Service

Overview

Request 720192 accepted

- Update to 2.2.4:
* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).

- Update to 2.2.3:
* CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶

- update to 2.2.2
* Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
* Fixes CVE-2019-11358: Prototype pollution

Created by scarabeus_iv over 4 years ago
In state accepted
Open review for devel:languages:python:django / python-Django

Incident python-Django

Comments for request 720192 1

Leap Reviewbot (leaper) - over 4 years ago

devel:languages:python:django/python-Django@772c6f010288e92a4370241cd92ba17a -> openSUSE:Leap:15.1:Update/python-Django

expected origin is 'openSUSE:Factory' (changed)

sr#720189 waiting for review by licensedigger

found pending submission against origin (openSUSE:Factory)

Login required, please login in order to comment

Request History

scarabeus_iv created request over 4 years ago

- Update to 2.2.4:
* CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used (#30628).
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type (#30621).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00') (#30506).
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved (#30647).

- Update to 2.2.3:
* CVE-2019-12781 (bsc#1139945): Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶

- update to 2.2.2
* Fixes CVE-2019-12308: AdminURLFieldWidget XSS (bsc#1136468)
* Fixes CVE-2019-11358: Prototype pollution

factory-auto accepted review over 4 years ago

Check script succeeded

maintbot added python-Django as a reviewer over 4 years ago

Submission for python-Django by someone who is not maintainer in the devel project (devel:languages:python:django). Please review

maintbot accepted review over 4 years ago

ok

licensedigger accepted review over 4 years ago

ok

vitezslav_cizek accepted request over 4 years ago

Thanks. Overriding review as agreed

openSUSE Build Service is sponsored by