diff options
| author | adam <adam@pkgsrc.org> | 2019-12-19 13:39:50 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2019-12-19 13:39:50 +0000 |
| commit | 702d143d687758a596637d91e148b473eec0a6ff (patch) | |
| tree | 295b13b939d754f20dfd2b42af1895aa72ec6166 | |
| parent | d06c198b1c2b88728cff72e9f8d1c9803196bc5b (diff) | |
| download | pkgsrc-702d143d687758a596637d91e148b473eec0a6ff.tar.gz | |
py-django: updated to 1.11.27
Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values
| -rw-r--r-- | www/py-django/Makefile | 4 | ||||
| -rw-r--r-- | www/py-django/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/www/py-django/Makefile b/www/py-django/Makefile index aa343f5d9c6..c1201f0d795 100644 --- a/www/py-django/Makefile +++ b/www/py-django/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.111 2019/11/05 07:40:16 adam Exp $ +# $NetBSD: Makefile,v 1.112 2019/12/19 13:39:50 adam Exp $ -DISTNAME= Django-1.11.26 +DISTNAME= Django-1.11.27 PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ diff --git a/www/py-django/distinfo b/www/py-django/distinfo index 8be5938f597..4bea28feb79 100644 --- a/www/py-django/distinfo +++ b/www/py-django/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.90 2019/11/05 07:40:16 adam Exp $ +$NetBSD: distinfo,v 1.91 2019/12/19 13:39:50 adam Exp $ -SHA1 (Django-1.11.26.tar.gz) = 34df353272f025e961288377aac1f51b05781147 -RMD160 (Django-1.11.26.tar.gz) = 858e3d9088e6b2b3757f4461652629f5e34ebd09 -SHA512 (Django-1.11.26.tar.gz) = 2c6bd31c1aa7131702c75accde537b2e7aaa6a7b687dd501d8d4552dd5e007bce12179719f40374aca06855414535b5126579a15d55419a0a34a4bb17221e021 -Size (Django-1.11.26.tar.gz) = 7976282 bytes +SHA1 (Django-1.11.27.tar.gz) = 8f0ad184cbae6e69dbe2a1f4d7ec32d842657001 +RMD160 (Django-1.11.27.tar.gz) = 6a9c879460b3a84bfcc2a6accec012e142f7e94c +SHA512 (Django-1.11.27.tar.gz) = 02370bc69d715fbd0d0460e801840331670f7348767040035d80d5e881eae90259dfa4b6406af37d827361691aca464bc4d556e525c32a94413528d0593fdf09 +Size (Django-1.11.27.tar.gz) = 7976980 bytes |