Revisions of python-Django

Gayane Osipyan (gosipyan) accepted request 1146450 from Guang Yee (yeey) (revision 18)
- Add CVE-2024-24680.patch (bsc#1219683, CVE-2024-24680)

- Add CVE-2023-43665.patch (bsc#1215978, CVE-2023-43665)
  * Denial-of-service possibility in django.utils.text.Truncator

- Add CVE-2023-41164.patch (bsc#1214667, CVE-2023-41164)
    * Potential denial of service vulnerability
      in django.utils.encoding.uri_to_iri()

- Add CVE-2023-36053.patch (bsc#1212742, CVE-2023-36053)

- Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580,
  bsc#1208082) to prevent DOS in file uploads.

- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
  to avoid source_validator incorrectly trying to use it as a detached
  signature file for the sources tarball.
- Remove unnecessary project.diff file.

- Add CVE-2022-28346.patch (bsc#1198398, CVE-2022-28346)
    * Potential SQL injection in QuerySet.annotate(), aggregate() and extra()
- Add CVE-2022-34265.patch (bsc#1201186, CVE-2022-34265)
    * SQL injection via Trunc(kind) and Extract(lookup_name) arguments

- CVE-2021-45452.patch: added missing attribute to validate_file_name (bsc#1194116)

- Add CVE-2022-22818.patch (bsc#1195086, CVE-2022-22818)
    * Possible XSS via ``{% debug %}`` template tag
- Add CVE-2022-23833.patch (bsc#1195088, CVE-2022-23833)
    * Denial-of-service possibility in file uploads
Johannes Grassler (jgrassler) accepted request 910955 from Jacek Tomasiak (jtomasiak) (revision 17)
- Add missing dependency for CVE-2021-31542.patch
Gayane Osipyan (gosipyan) accepted request 891340 from Johannes Grassler (jgrassler) (revision 16)
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
    * Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file
      uploads.
Johannes Grassler (jgrassler) committed (revision 15)
Add missing bugzilla reference.
Johannes Grassler (jgrassler) committed (revision 14)
- Add CVE-2021-28658.patch
  * Fixed potential directory-traversal via uploaded files
Jeremy Moffitt (jeremy_moffitt) accepted request 873795 from Johannes Grassler (jgrassler) (revision 13)
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
  * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Johannes Grassler (jgrassler) committed (revision 12)
- Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
  * Fixes a potential directory traversal when extracting archives
Flávio Ramalho (flaviosr) accepted request 817887 from Johannes Grassler (jgrassler) (revision 11)
- Update to version 1.11.29 (bsc#1161919, CVE-2020-7471, bsc#1165022, CVE-2020-9402, bsc#1159447, CVE-2019-19844)
  * Fixed CVE-2020-9402 -- Properly escaped tolerance parameter in GIS functions and aggregates on Oracle.
  * Pinned PyYAML < 5.3 in test requirements.
  * Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.
  * Fixed timezones tests for PyYAML 5.3+.
  * Fixed CVE-2019-19844 -- Used verified user email for password reset requests.
  * Fixed #31073 -- Prevented CheckboxInput.get_context() from mutating attrs.
  * Fixed #30826 -- Fixed crash of many JSONField lookups when one hand side is key transform.
  * Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
  * Fixed #30672 -- Fixed crash of JSONField/HStoreField key transforms on expressions with params.

  * Added patch CVE-2020-13254.patch
  * Added patch CVE-2020-13596.patch
Johannes Grassler (jgrassler) accepted request 811691 from Johannes Grassler (jgrassler) (revision 10)
- Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596)
  * Added patch CVE-2020-13254-1.8.19.patch
  * Added patch CVE-2020-13596-1.8.19.patch
Dirk Mueller (dirkmueller) committed (revision 9)
Dirk Mueller (dirkmueller) committed (revision 8)
- Update to 1.11.23:
  * CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235
    bsc#1142883 bsc#1142885 bsc#1142882 bsc#1142880
  * Just security fixes
Dirk Mueller (dirkmueller) committed (revision 7)
- added 0001-exc_filters-fix-deadlock-detection-for-MariaDB-Galer.patch
Dirk Mueller (dirkmueller) committed (revision 6)
- update to 1.11.20 (bsc#124991, CVE-2019-6975):
  * Memory exhaustion in ``django.utils.numberformat.format()``
- remove CVE-2019-3498.patch, CVE-2018-14574.patch: this
  and other fixes are included in the version update.
Dirk Mueller (dirkmueller) committed (revision 4)
- Fixed open redirect possibility in CommonMiddleware (bsc#1102680,
  CVE-2018-14574)
  * Added CVE-2018-14574.patch
Thomas Bechtold (tbechtold) committed (revision 3)
- update to version 1.11.11 (CVE-2018-6188, CVE-2018-7536, CVE-2017-12794,
  CVE-2018-7537, bsc#1077714, bsc#1083304, bsc#1056284, bsc#1083305):
  * Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments.
  * Fixed #28689 -- Fixed unquoted table names in Subquery SQL when using OuterRef.
  * Fixed #28729 -- Replaced a numbered list with unordered list in TemplatesSetting docs.
  * Fixed argument name in call_command() docstring.
  * Fixed #28451 -- Restored pre-Django 1.11 Oracle sequence/trigger naming.
  * Fixed incorrect indentation in remove_stale_contenttypes.
  * Fixed #28532 -- Fixed typo in PostgreSQL field docs
  * Fixed #29032 -- Fixed an example of using expressions in QuerySet.values().
  * Fixed typo in docs/topics/testing/advanced.txt.
  * Fixed #28648 -- Corrected typo in docs/topics/db/queries.txt.
  * Fixed CVE-2018-6188 -- Fixed information leakage in AuthenticationForm.
  * Bumped version for 1.11.7 release.
  * Fixed #28802 -- Fixed typo in docs/topics/auth/default.txt.
  * Fixed #27998, #28543 -- Restored logging of ManyToManyField changes in admin's object history.
  * Fixed #28530 -- Prevented SelectDateWidget from localizing years in output.
  * Bumped version for 1.11.8 release.
  * Fixed #28471 -- Clarified that Meta.indexes is preferred to index_together.
  * Initialized CsrfViewMiddleware once in csrf_tests.
  * Fixed #28548 -- Replaced 'middlewares' with 'middleware' in docs.
  * Fixed typo in ModelAdmin action logging test.
  * Fixed #28747 -- Fixed typos in django/conf/global_settings.py comments.
  * Added stub release notes for 1.11.8.
  * Fixed #17985 -- Documented ModelAdmin.lookup_allowed().
  * Fixed #28597 -- Fixed crash with the name of a model's autogenerated primary key in an Index's fields.
  * Added stub release notes for 1.11.9.
  * Fixed typo in docs/topics/forms/media.txt.
  * Fixed #28653 -- Added missing ForeignKey.on_delete argument in docs.
  * Fixed #25277 -- Restored test dependency to the original python-memcached.
Thomas Bechtold (tbechtold) committed (revision 2)
osc copypac from project:devel:languages:python package:python-Django revision:76, using expand
Thomas Bechtold (tbechtold) committed (revision 1)
osc copypac from project:Cloud:OpenStack:Master package:python-Django revision:1, using expand
Displaying all 18 revisions