Group :: Development/Python3
RPM: python3-module-django
31 August 2023 Alexey Shabalin <shaba at altlinux.org> 4.2.4-alt2
- Update BR.
- New version 4.2.4 (new 4.2 LTS release).
- New version 3.2.19.
- Fixes for the following security vulnerabilities:
+ CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
- New version 3.2.19.
- Fixes for the following security vulnerabilities:
+ CVE-2023-31047 Potential bypass of validation when uploading multiple files using one form field
- New version 3.2.18.
- Fixes for the following security vulnerabilities:
+ CVE-2023-23969 Potential denial-of-service via ``Accept-Language`` headers
+ CVE-2023-24580 Potential denial-of-service vulnerability in file uploads
- new version 3.2.16
- Fixes for the following security vulnerabilities:
+ CVE-2022-41323 Potential denial-of-service vulnerability in internationalized URLs
- new version 3.2.15
- Fixes for the following security vulnerabilities:
+ CVE-2022-34265 Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments.
+ CVE-2022-36359 Potential reflected file download vulnerability in FileResponse.
- 3.2.12 -> 3.2.13
- Fixes:
* CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra()
* CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL
- 3.2.11 -> 3.2.12
- Fixes for the following security vulnerabilities:
+ CVE-2022-22818: Possible XSS via {% debug %} template tag.
+ CVE-2022-23833: Denial-of-service possibility in file uploads.
- new version 3.2.11
- Fixes for the following security vulnerabilities:
+ CVE-2021-45115 Prevented DoS vector in UserAttributeSimilarityValidator.
+ CVE-2021-45116 Fixed potential information disclosure in dictsort template filter.
+ CVE-2021-45452 Fixed potential path traversal in storage subsystem.
- new version 3.2.10
- Fixes for the following security vulnerabilities:
+ CVE-2021-44420 Fixed potential bypass of an upstream access control based on URL paths.
- new version 3.2.9
- new version 3.2.6
- Rename dbbackend-psycopg2 to dbbackend-postgresql
- Add dbbackend-oracle package
- Fixes for the following security vulnerabilities:
+ CVE-2021-35042 Potential SQL injection via unsanitized QuerySet.order_by() input
- new version 2.2.24
- Fixes for the following security vulnerabilities:
+ CVE-2021-28658 Potential directory-traversal via uploaded files
+ CVE-2021-31542 Potential directory-traversal via uploaded files
+ CVE-2021-32052 Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+
+ CVE-2021-33203 Potential directory traversal via admindocs
+ CVE-2021-33571 Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses
- Drop Provides: Django
- 2.2.19
- rename package to python3-module-django back
- Fixes for the following security vulnerabilities:
+ CVE-2021-3281 Potential directory-traversal via archive.extract()
+ CVE-2021-23336 Web cache poisoning via django.utils.http.limited_parse_qsl()
- Disable check for bootstrap of python3.9.
- new version 2.2.17
- Fixes for the following security vulnerabilities:
+ CVE-2020-13254 Potential data leakage via malformed memcached keys
+ CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget
+ CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
+ CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
- add more provides
- merge tests package to main
- move bash-completions to %_datadir
- add man pages to package
- enable tests
- 2.2.12
- Fixes for the following security vulnerabilities:
+ CVE-2019-19118 Privilege escalation in the Django admin.
+ CVE-2019-19844 Potential account hijack via password reset form
+ CVE-2020-7471 Potential SQL injection via StringAgg(delimiter)
+ CVE-2020-9402 Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle
- Build with flagged conflict with python-module-django1.11
(due to file '/etc/bash_completion.d/django.sh').
- 2.2.4
- Fixes for the following security vulnerabilities:
+ CVE-2019-14232 Adjusted regex to avoid backtracking issues when truncating HTML
+ CVE-2019-14233 Prevented excessive HTMLParser recursion in strip_tags() when handling incomplete HTML entities
+ CVE-2019-14234 Protected JSONField/HStoreField key and index lookups against SQL injection
+ CVE-2019-14235 Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri()
- tear circular dependencies python3-module-django2.2 and python3-module-django2.2-tests
- 2.2.3
- build python3 only
- rename package to python3-module-django2.2
- Fixes for the following security vulnerabilities:
+ CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS
+ CVE-2019-12308 AdminURLFieldWidget XSS
+ CVE-2019-6975 Memory exhaustion in django.utils.numberformat.format()
+ CVE-2019-3498 Content spoofing possibility in the default 404 page
+ CVE-2018-16984 Password hash disclosure to view only admin users
+ CVE-2018-14574 Open redirect possibility in CommonMiddleware
+ CVE-2018-7536 Denial-of-service possibility in urlize and urlizetrunc template filters
+ CVE-2018-7537 Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
+ CVE-2018-6188 Information leakage in AuthenticationForm
- Build new version (Closes: #35861).
- Transfer to python3.
- Temporarily disabled check.
- 1.8.18
- fixed CVE-2017-7233, CVE-2017-7234
- 1.8.17
- fixed CVE-2016-9013, CVE-2016-9014
- 1.8.15
- fixed CVE-2016-2512, CVE-2016-2513, CVE-2016-6186, CVE-2016-7401
- (NMU) rebuild with rpm-build-python3-0.1.10 (for new-style python3(*) reqs)
and with python3-3.5 (for byte-compilation).
- (NMU) rebuild with rpm-build-python3-0.1.9
(for common python3/site-packages/ and auto python3.3-ABI dep when needed)
- NMU: Use buildreq for BR.
- 1.8.7
- fixed CVE-2015-8213
- 1.8.5
- fixed CVE-2015-5143, CVE-2015-5144, CVE-2015-5145, CVE-2015-5964, CVE-2015-5963
- Version 1.8
- Version 1.8c1
- Version 1.8b1
- Version 1.7
- Version 1.6.6
- Version 1.6.5
- Use 'find... -exec...' instead of 'for ... $(find...'
- Version 1.5.1
- Fix python3-module-django
- Rebuild with Python-3.3
- Rename package to python-module-django
- Version 1.5.0
- Version 1.5.0-rc2
- Rename package to python-module-django1.5
- Remove %name-mod_python subpackage
- Version 1.5.0-alpha
- Version 1.4 (ALT #27288)
- Version 1.3.1. Security fixes:
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
- Rebuild with Python-2.7
- Version 1.3
- Version 1.2.5
- Version 1.2.3
- do not search for dependencies in django/contrib/gis/db/backends (closes: #23924)
- Version 1.2.1
- Added tests (ALT #22479)
- fix inherit with alt gear
- new version
- remove examples subpackage. It was removed from Django.
- new version
- Rebuilt with python 2.6
- add conflicts
- new version
- use python macros
- add doc and examples subpackages
- remove test files
- change depend for sqlite python module (Closes: #18957)
- new version (Closes: #21617)
- new version (Closes: #20300)
- new version from trunk
- remove needless -q option from setup macros
- remove commented lines
- turn off test section
- new version from trunk
- new version from trunk
- 1.0 release
- 1.0 beta 2
- 1.0 beta 1
- 1.0 alpha 2
- BuildReq updates
- First 1.0 alpha
- Spec updates
- Removed ChangeLog.bz2
- Use Django unit tests
- Latest SVN trunk sources (Closes: #15646)
- Security fixes (http://groups.google.com/group/django-developers/browse_thread/thread/903d7c2af239ec42)
- Spec updates (pack subdirs)
- Latest SVN trunk sources
- Fixed packages description
- SVN trunk
- Latest svn trunk sources
- Latest svn trunk sources
- Latest svn trunk sources
- Latest svn trunk sources
- Temporarily removed cx_Oracle requirement
- ChangeLog added to the docs
- Removed core/handler.py because it's deprecated
- Near the 0.97 release
- New version
- Spec cleanups (package names)
- Initial build for ALT Linux Sisyphus.