| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | python3-django: upgrade to 2.2.20 | Chen Qi | 2021-04-22 | 1 | -289/+0 |
| | | | | | | | | | | | | 2.2.x is LTS, so upgrade to latest release 2.2.20. This upgrade fixes several CVEs such as CVE-2021-3281. Also, CVE-2021-28658.patch is dropped as it's already in 2.2.20. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> | ||||
| * | python3-django: fix CVE-2021-28658 | Stefan Ghinea | 2021-04-21 | 1 | -0/+289 |
| In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> | |||||
 |
index : linux/meta-openembedded.git | |
| Mirror of git.openembedded.org/meta-openembedded | N/A |
| summaryrefslogtreecommitdiffstats |