diff options
| author | adam <adam@pkgsrc.org> | 2018-08-02 14:02:21 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2018-08-02 14:02:21 +0000 |
| commit | 22123de3570c65fded4a3e12b75caca353f458a6 (patch) | |
| tree | 14713fad6a67ff8049b5d2dbb6c8f492b239020e /www | |
| parent | c79260b032f1eb4c4e27263cc0f1152e1e6d2bda (diff) | |
| download | pkgsrc-22123de3570c65fded4a3e12b75caca353f458a6.tar.gz | |
py-django: updated to 1.11.5
1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware
If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
CommonMiddleware now escapes leading slashes to prevent redirects to other domains.
Diffstat (limited to 'www')
| -rw-r--r-- | www/py-django/Makefile | 4 | ||||
| -rw-r--r-- | www/py-django/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/www/py-django/Makefile b/www/py-django/Makefile index 9599d529bd6..7222f883785 100644 --- a/www/py-django/Makefile +++ b/www/py-django/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.100 2018/07/03 06:42:27 adam Exp $ +# $NetBSD: Makefile,v 1.101 2018/08/02 14:02:21 adam Exp $ -DISTNAME= Django-1.11.14 +DISTNAME= Django-1.11.15 PKGNAME= ${PYPKGPREFIX}-${DISTNAME:tl} CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PKGVERSION_NOREV:R}/ diff --git a/www/py-django/distinfo b/www/py-django/distinfo index 8cda3b65239..bffa26d90f9 100644 --- a/www/py-django/distinfo +++ b/www/py-django/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.79 2018/07/03 06:42:27 adam Exp $ +$NetBSD: distinfo,v 1.80 2018/08/02 14:02:21 adam Exp $ -SHA1 (Django-1.11.14.tar.gz) = 4449ed970ed3b26a20a5888b439fbcb6c52dcfb7 -RMD160 (Django-1.11.14.tar.gz) = 79299126fd5d47f9fb373de4f378de4f87281e94 -SHA512 (Django-1.11.14.tar.gz) = 71dbbad22bf0675a5c9aa36bcf69d6de561cf041b744fa37b407cb021ef342c3245b8001025c0492ce20df664e37ed2d7a5ffdc397761065d088ddb0d9fbe6c8 -Size (Django-1.11.14.tar.gz) = 7850578 bytes +SHA1 (Django-1.11.15.tar.gz) = dfcb521471a5364bebe5fe1c40ad01cdd48e23bf +RMD160 (Django-1.11.15.tar.gz) = 928d27725a612a42e29e785095811af3efbc9e71 +SHA512 (Django-1.11.15.tar.gz) = 4ea18c59f7c74d0b6deb9d292d5de068c6dcc53d9596f321f5a7e823ff5fe423cc8d69c88bf53e3acd9c36c4ecc4447148243a127d5114a4894b0fd4d449f37e +Size (Django-1.11.15.tar.gz) = 7843843 bytes SHA1 (patch-django_contrib_admin_widgets.py) = 16c7b0607c5e85f67726e93bf3649414abe7c7fb |