seedsigner/buildroot
seedsigner/buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-django: security bump to version 5.1.5

Browse Source 
Fixes the following vulnerability:

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Lack of upper bound limit enforcement in strings passed when performing IPv6
validation could lead to a potential denial-of-service attack.  The
undocumented and private functions clean_ipv6_address and
is_valid_ipv6_address were vulnerable, as was the
django.forms.GenericIPAddressField form field, which has now been updated to
define a max_length of 39 characters.

The django.db.models.GenericIPAddressField model field was not affected.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c87726dd336b7f9a1cebd26a327e47aa25d8b4d2)
[Peter: Mark as security bump, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
James Hilliard 2025-01-21 15:28:08 -07:00 committed by Peter Korsgaard
parent 4ad263555e
commit 48230a4b79
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/python-django/python-django.hash
View File

@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/django/json
md5 03ec3e0f2d6cbcb9eb11c629ca1c538b Django-5.1.4.tar.gz
sha256 de450c09e91879fa5a307f696e57c851955c910a438a35e6b4c895e86bedc82a Django-5.1.4.tar.gz
md5 272e951dbc4ccb7854c5a69aa5650749 Django-5.1.5.tar.gz
sha256 19bbca786df50b9eca23cee79d495facf55c8f5c54c529d9bf1fe7b5ea086af3 Django-5.1.5.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE

4
package/python-django/python-django.mk
View File

@ -4,10 +4,10 @@
#
################################################################################
PYTHON_DJANGO_VERSION = 5.1.4
PYTHON_DJANGO_VERSION = 5.1.5
PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/d3/e8/536555596dbb79f6e77418aeb40bdc1758c26725aba31919ba449e6d5e6a
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/e4/17/834e3e08d590dcc27d4cc3c5cd4e2fb757b7a92bab9de8ee402455732952
PYTHON_DJANGO_LICENSE = BSD-3-Clause
PYTHON_DJANGO_LICENSE_FILES = LICENSE
PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject