* [Buildroot] [git commit branch/2019.02.x] package/python-django: security bump to version 2.1.10
@ 2019-07-07 6:45 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2019-07-07 6:45 UTC (permalink / raw
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=920e467980e3d697fe98fdb2a8984706dbc75bc3
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.02.x
Fixes the following security vulnerabilities:
CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via
HTTPS
For more details, see the announcement:
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9f87b3785fe15d0b57f9b1820456b29f3c6a7284)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/python-django/python-django.hash | 4 ++--
package/python-django/python-django.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index c325116779..8cb60adf0c 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
-md5 909c2e7761893a922dcf721521d9239e Django-2.1.9.tar.gz
-sha256 5052def4ff0a84bdf669827fdbd7b7cc1ac058f10232be6b21f37c6824f578da Django-2.1.9.tar.gz
+md5 2162aed4111da837433f41a9eed5c8bd Django-2.1.10.tar.gz
+sha256 65e2a548a52fca560cdd4e35f4fa1a79140f405af48950e59702a37e4227e958 Django-2.1.10.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 041822ea13..09c178288c 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
#
################################################################################
-PYTHON_DJANGO_VERSION = 2.1.9
+PYTHON_DJANGO_VERSION = 2.1.10
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/c1/b3/3cdc60dc2e3c11236539f9470e42c5075a2e9c9f4885f5b4b912e9f19992
+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/be/1b/009ec818adf51c7641f3bd9dae778e8b28291b3ceedb352317b0eeafd7ff
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_SETUP_TYPE = setuptools
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-07-07 6:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-07 6:45 [Buildroot] [git commit branch/2019.02.x] package/python-django: security bump to version 2.1.10 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.