path: root/package/python-django/python-django.hash
Commit message | Author | Age | Files | Lines

* python-django: security bump to version 1.7.3 | Gustavo Zacarias | 2015-01-14 | 1 | -2/+2

  Fixes:

  CVE-2015-0219 - incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments.

  CVE-2015-0220 - incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack.

  CVE-2015-0221 - incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.

  CVE-2015-0222 - incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service.

  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

* python-django: new package | Oli Vogt | 2015-01-04 | 1 | -0/+2

  [Thomas:
  - Bump to Django 1.7.2, the latest available version;
  - Support Python 3 in addition to Python 2.
  - Use a download location from pypi.python.org since the download location from djangoproject.com didn't work as is and is impractical to use with Buildroot: the full URL of the tarball is https://www.djangoproject.com/download/1.7.2/tarball/. I.e, it does not end with the tarball file name.]

  Signed-off-by: oli vogt <oli.vogt.pub01@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>