From 653f86c0e91847dd8841837b650e2e966b59dd78 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Fri, 15 Feb 2019 14:32:01 +0100 Subject: package/python-django: security bump to version 2.1.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes the following security issues: CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format(). To avoid this, decimals with more than 200 digits are now formatted using scientific notation. https://docs.djangoproject.com/en/2.1/releases/2.1.6/ 2.1.6 contained a packaging error, fixed by 2.1.7: https://docs.djangoproject.com/en/2.1/releases/2.1.7/ Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni --- package/python-django/python-django.hash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'package/python-django/python-django.hash') diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash index 4b932ac907..93ca1080c5 100644 --- a/package/python-django/python-django.hash +++ b/package/python-django/python-django.hash @@ -1,5 +1,5 @@ # md5, sha256 from https://pypi.org/pypi/django/json -md5 9309c48c8b92503b8969a7603a97e2a1 Django-2.1.5.tar.gz -sha256 d6393918da830530a9516bbbcbf7f1214c3d733738779f06b0f649f49cc698c3 Django-2.1.5.tar.gz +md5 a042e6ba117d2e01950d842cceb5eee0 Django-2.1.7.tar.gz +sha256 939652e9d34d7d53d74d5d8ef82a19e5f8bb2de75618f7e5360691b6e9667963 Django-2.1.7.tar.gz # Locally computed sha256 checksums sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE -- cgit v1.2.3
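Review bot: The replacement `md5 ... Django-2.1.7.tar.gz` line adds no integrity guarantee beyond the `sha256` line that follows it, since MD5 is collision-broken, so I would drop the md5 entry or at least treat the sha256 value as the one that counts. Both values are taken from the same origin as the tarball (the header comment reads `# md5, sha256 from https://pypi.org/pypi/django/json`), so they catch a corrupted or mismatched download but do not independently authenticate the release. For a security bump it is worth recomputing the sha256 locally on the fetched Django-2.1.7.tar.gz and comparing before merging. The locally computed LICENSE sha256 in the trailing context is unchanged across the 2.1.5 to 2.1.7 bump; please confirm the LICENSE file shipped in the 2.1.7 tarball still matches it.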