Revisions of python-Django

Gayane Osipyan (gosipyan) accepted request 1146450 from Guang Yee (yeey) (revision 18)
- Add CVE-2024-24680.patch (bsc#1219683, CVE-2024-24680)

- Add CVE-2023-43665.patch (bsc#1215978, CVE-2023-43665)
  * Denial-of-service possibility in django.utils.text.Truncator

- Add CVE-2023-41164.patch (bsc#1214667, CVE-2023-41164)
    * Potential denial of service vulnerability
      in django.utils.encoding.uri_to_iri()

- Add CVE-2023-36053.patch (bsc#1212742, CVE-2023-36053)

- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
  bsc#1208082) to prevent DOS in file uploads.

- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
  to avoid source_validator incorrectly trying to use it as a detached
  signature file for the sources tarball.
- Remove unnecessary project.diff file.

- Add CVE-2022-28346.patch (bsc#1198398, CVE-2022-28346)
    * Potential SQL injection in QuerySet.annotate(), aggregate() and extra()
- Add CVE-2022-34265.patch (bsc#1201186, CVE-2022-34265)
    * SQL injection via Trunc(kind) and Extract(lookup_name) arguments

- CVE-2021-45452.patch: added missing attribute to validate_file_name (bsc#1194116)

- Add CVE-2022-22818.patch (bsc#1195086, CVE-2022-22818)
    * Possible XSS via ``{% debug %}`` template tag
- Add CVE-2022-23833.patch (bsc#1195088, CVE-2022-23833)
    * Denial-of-service possibility in file uploads
Johannes Grassler (jgrassler) accepted request 910955 from Jacek Tomasiak (jtomasiak) (revision 17)
- Add missing dependency for CVE-2021-31542.patch
Gayane Osipyan (gosipyan) accepted request 891340 from Johannes Grassler (jgrassler) (revision 16)
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
    * Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file
      uploads.
Johannes Grassler (jgrassler) committed (revision 15)
Add missing bugzilla reference.
Johannes Grassler (jgrassler) committed (revision 14)
- Add CVE-2021-28658.patch
  * Fixed potential directory-traversal via uploaded files
Jeremy Moffitt (jeremy_moffitt) accepted request 873795 from Johannes Grassler (jgrassler) (revision 13)
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Johannes Grassler (jgrassler) committed (revision 12)
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
  * Fixes a potential directory traversal when extracting archives
Flávio Ramalho (flaviosr) accepted request 817887 from Johannes Grassler (jgrassler) (revision 11)
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
  * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
  * Pinned PyYAML < 5.3 in test requirements.
  * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
  * Fixed timezones tests for PyYAML 5.3+.
  * Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
  * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
  * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
  * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
  * Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.

  * Added patch CVE-2020-13254.patch
  * Added patch CVE-2020-13596.patch
Johannes Grassler (jgrassler) accepted request 811691 from Johannes Grassler (jgrassler) (revision 10)
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
  * Added patch CVE-2020-13254-1.8.19.patch
  * Added patch CVE-2020-13596-1.8.19.patch
Dirk Mueller (dirkmueller) committed (revision 9)
Dirk Mueller (dirkmueller) committed (revision 8)
- Update to 1.11.23:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
    bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Just security fixes
Dirk Mueller (dirkmueller) committed (revision 7)
- added 0001-exc_filters-fix-deadlock-detection-for-MariaDB-Galer.patch
Dirk Mueller (dirkmueller) committed (revision 6)
- update to 1.11.20 (bsc#124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
- remove CVE-2019-3498.patch, CVE-2018-14574.patch: this
  and other fixes are included in the version update.
Dirk Mueller (dirkmueller) accepted request 663404 from Keith Berger (kberger65) (revision 5)
Fixed bug 1120932
Dirk Mueller (dirkmueller) committed (revision 4)
- Fixed open redirect possibility in CommonMiddleware (bsc#1102680,
  CVE-2018-14574)
  * Added CVE-2018-14574.patch
Thomas Bechtold (tbechtold) committed (revision 3)
- update to version 1.11.11 (CVE-2018-6188, CVE-2018-7536, CVE-2017-12794,
  CVE-2018-7537, bsc#1077714, bsc#1083304, bsc#1056284, bsc#1083305):
  * Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
  * Fixed #28689 -- Fixed unquoted table names in Subquery SQL when using OuterRef.
  * Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs.
  * Fixed argument name in call_command() docstring.
  * Fixed #28451 -- Restored pre-Django 1.11 Oracle sequence/trigger naming.
  * Fixed incorrect indentation in remove_stale_contenttypes.
  * Fixed #28532 -- Fixed typo in PostgreSQL field docs
  * Fixed #29032 -- Fixed an example of using expressions in QuerySet.values().
  * Fixed typo in docs/topics/testing/advanced.txt.
  * Fixed #28648 -- Corrected typo in docs/topics/db/queries.txt.
  * Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
  * Bumped version for 1.11.7 release.
  * Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
  * Fixed #27998, #28543 -- Restored logging of ManyToManyField changes in admin's object history.
  * Fixed #28530 -- Prevented SelectDateWidget from localizing years in output.
  * Bumped version for 1.11.8 release.
  * Fixed #28471 -- Clarified that Meta.indexes is preferred to index_together.
  * Initialized CsrfViewMiddleware once in csrf_tests.
  * Fixed #28548 -- Replaced 'middlewares' with 'middleware' in docs.
  * Fixed typo in ModelAdmin action logging test.
  * Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
  * Added stub release notes for 1.11.8.
  * Fixed #17985 -- Documented ModelAdmin.lookup_allowed().
  * Fixed #28597 -- Fixed crash with the name of a model's autogenerated primary key in an Index's fields.
  * Added stub release notes for 1.11.9.
  * Fixed typo in docs/topics/forms/media.txt.
  * Fixed #28653 -- Added missing ForeignKey.on_delete argument in docs.
  * Fixed #25277 -- Restored test dependency to the original python-memcached.
Thomas Bechtold (tbechtold) committed (revision 2)
osc copypac from project:devel:languages:python package:python-Django revision:76, using expand
Thomas Bechtold (tbechtold) committed (revision 1)
osc copypac from project:Cloud:OpenStack:Master package:python-Django revision:1, using expand
Displaying all 18 revisions