Message ID | 20240208130838.196406-1-buildroot@bubu1.eu |
---|---|
State | Accepted |
Headers | show |
Series | package/python-django: security bump to 5.0.2 | expand |
Hi Peter, On 08.02.24 14:08, Marcus Hoffmann via buildroot wrote: > Minor 5.0 bugfix release [1] fixing one "moderate" severity CVE. > > Fixes: CVE-2024-24680 > > [1] https://docs.djangoproject.com/en/5.0/releases/5.0.2/#django-5-0-2-release-notes Buildroot stable releases should probably be updated to 4.2.10: https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ > > Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> > --- > package/python-django/python-django.hash | 4 ++-- > package/python-django/python-django.mk | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash > index 39fd9afdae..20b66a4106 100644 > --- a/package/python-django/python-django.hash > +++ b/package/python-django/python-django.hash > @@ -1,5 +1,5 @@ > # md5, sha256 from https://pypi.org/pypi/django/json > -md5 5ff3c69d7e6b4f5ed378ec5713af8df7 Django-5.0.1.tar.gz > -sha256 8c8659665bc6e3a44fefe1ab0a291e5a3fb3979f9a8230be29de975e57e8f854 Django-5.0.1.tar.gz > +md5 5d0df847e1b751a4a5d2bde1563c75fc Django-5.0.2.tar.gz > +sha256 b5bb1d11b2518a5f91372a282f24662f58f66749666b0a286ab057029f728080 Django-5.0.2.tar.gz > # Locally computed sha256 checksums > sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE > diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk > index ed4f4bcdf1..231de0b833 100644 > --- a/package/python-django/python-django.mk > +++ b/package/python-django/python-django.mk > @@ -4,10 +4,10 @@ > # > ################################################################################ > > -PYTHON_DJANGO_VERSION = 5.0.1 > +PYTHON_DJANGO_VERSION = 5.0.2 > PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz > # The official Django site has an unpractical URL > -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/53/82/c8e8ed137da1c72fa110e3be9ab0f26bcfcf6f3d2994601d164dfac86269 > +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/50/98/499a2d11eb0b22fdd55ce5895e0f5ce6d7d4957a785f237a89317cb478fa > PYTHON_DJANGO_LICENSE = BSD-3-Clause > PYTHON_DJANGO_LICENSE_FILES = LICENSE > PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
>>>>> "Marcus" == Marcus Hoffmann <buildroot@bubu1.eu> writes: > Hi Peter, > On 08.02.24 14:08, Marcus Hoffmann via buildroot wrote: >> Minor 5.0 bugfix release [1] fixing one "moderate" severity CVE. >> Fixes: CVE-2024-24680 >> [1] >> https://docs.djangoproject.com/en/5.0/releases/5.0.2/#django-5-0-2-release-notes > Buildroot stable releases should probably be updated to 4.2.10: > https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ Yes, care to send a patch? 2023.02.x is using 4.1.13, but it looks like the 4.1.x series is EOL, so I'll also update that to 4.2.10.
>>>>> "Marcus" == Marcus Hoffmann via buildroot <buildroot@buildroot.org> writes: > Minor 5.0 bugfix release [1] fixing one "moderate" severity CVE. > Fixes: CVE-2024-24680 > [1] https://docs.djangoproject.com/en/5.0/releases/5.0.2/#django-5-0-2-release-notes > Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> Committed, thanks. > --- > package/python-django/python-django.hash | 4 ++-- > package/python-django/python-django.mk | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash > index 39fd9afdae..20b66a4106 100644 > --- a/package/python-django/python-django.hash > +++ b/package/python-django/python-django.hash > @@ -1,5 +1,5 @@ > # md5, sha256 from https://pypi.org/pypi/django/json > -md5 5ff3c69d7e6b4f5ed378ec5713af8df7 Django-5.0.1.tar.gz > -sha256 8c8659665bc6e3a44fefe1ab0a291e5a3fb3979f9a8230be29de975e57e8f854 Django-5.0.1.tar.gz > +md5 5d0df847e1b751a4a5d2bde1563c75fc Django-5.0.2.tar.gz > +sha256 b5bb1d11b2518a5f91372a282f24662f58f66749666b0a286ab057029f728080 Django-5.0.2.tar.gz > # Locally computed sha256 checksums > sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE > diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk > index ed4f4bcdf1..231de0b833 100644 > --- a/package/python-django/python-django.mk > +++ b/package/python-django/python-django.mk > @@ -4,10 +4,10 @@ > # > ################################################################################ > -PYTHON_DJANGO_VERSION = 5.0.1 > +PYTHON_DJANGO_VERSION = 5.0.2 > PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz > # The official Django site has an unpractical URL > -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/53/82/c8e8ed137da1c72fa110e3be9ab0f26bcfcf6f3d2994601d164dfac86269 > +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/50/98/499a2d11eb0b22fdd55ce5895e0f5ce6d7d4957a785f237a89317cb478fa > PYTHON_DJANGO_LICENSE = BSD-3-Clause > PYTHON_DJANGO_LICENSE_FILES = LICENSE > PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject > -- > 2.34.1 > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Marcus" == Marcus Hoffmann via buildroot <buildroot@buildroot.org> writes: > Minor 5.0 bugfix release [1] fixing one "moderate" severity CVE. > Fixes: CVE-2024-24680 > [1] https://docs.djangoproject.com/en/5.0/releases/5.0.2/#django-5-0-2-release-notes > Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> For 2023.02.x / 2023.11.x I have instead bumped to django 4.2.10, which contains the same fix.
diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash index 39fd9afdae..20b66a4106 100644 --- a/package/python-django/python-django.hash +++ b/package/python-django/python-django.hash @@ -1,5 +1,5 @@ # md5, sha256 from https://pypi.org/pypi/django/json -md5 5ff3c69d7e6b4f5ed378ec5713af8df7 Django-5.0.1.tar.gz -sha256 8c8659665bc6e3a44fefe1ab0a291e5a3fb3979f9a8230be29de975e57e8f854 Django-5.0.1.tar.gz +md5 5d0df847e1b751a4a5d2bde1563c75fc Django-5.0.2.tar.gz +sha256 b5bb1d11b2518a5f91372a282f24662f58f66749666b0a286ab057029f728080 Django-5.0.2.tar.gz # Locally computed sha256 checksums sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk index ed4f4bcdf1..231de0b833 100644 --- a/package/python-django/python-django.mk +++ b/package/python-django/python-django.mk @@ -4,10 +4,10 @@ # ################################################################################ -PYTHON_DJANGO_VERSION = 5.0.1 +PYTHON_DJANGO_VERSION = 5.0.2 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz # The official Django site has an unpractical URL -PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/53/82/c8e8ed137da1c72fa110e3be9ab0f26bcfcf6f3d2994601d164dfac86269 +PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/50/98/499a2d11eb0b22fdd55ce5895e0f5ce6d7d4957a785f237a89317cb478fa PYTHON_DJANGO_LICENSE = BSD-3-Clause PYTHON_DJANGO_LICENSE_FILES = LICENSE PYTHON_DJANGO_CPE_ID_VENDOR = djangoproject
Minor 5.0 bugfix release [1] fixing one "moderate" severity CVE. Fixes: CVE-2024-24680 [1] https://docs.djangoproject.com/en/5.0/releases/5.0.2/#django-5-0-2-release-notes Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> --- package/python-django/python-django.hash | 4 ++-- package/python-django/python-django.mk | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)