Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-django: security bump to v5.1.10

Browse Source 
This fixes the following CVE:

- CVE-2025-48432: An issue was discovered in Django 5.2 before 5.2.2,
                  5.1 before 5.1.10, and 4.2 before 4.2.22.
                  Internal HTTP response logging does not escape request.path,
                  which allows remote attackers to potentially manipulate log
                  output via crafted URLs.
                  This may lead to log injection or forgery when logs are
                  viewed in terminals or processed by external systems.

See https://www.cve.org/CVERecord?id=CVE-2025-48432

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Titouan Christophe
2025-06-06 10:00:51 +02:00
committed by Thomas Perale
parent e5ca807360
commit 243add1034
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/python-django/python-django.hash
View File

@@ -1,6 +1,6 @@
# md5, sha256 from https://pypi.org/pypi/django/json
md5 da93c81fcaf2e0b4dab3cf44e7564c7c django-5.1.9.tar.gz
sha256 565881bdd0eb67da36442e9ac788bda90275386b549070d70aee86327781a4fc django-5.1.9.tar.gz
md5 d3b7a04b581dec5d74769df44e0ddbd1 django-5.1.10.tar.gz
sha256 73e5d191421d177803dbd5495d94bc7d06d156df9561f4eea9e11b4994c07137 django-5.1.10.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
sha256 dcac1c86cb7ab491702bdb4c41be680fafde51536748cc8aaee3840eec53ed17 django/contrib/gis/measure.py

4
package/python-django/python-django.mk
View File

@@ -4,10 +4,10 @@
#
################################################################################
PYTHON_DJANGO_VERSION = 5.1.9
PYTHON_DJANGO_VERSION = 5.1.10
PYTHON_DJANGO_SOURCE = django-$(PYTHON_DJANGO_VERSION).tar.gz
# The official Django site has an unpractical URL
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/10/08/2e6f05494b3fc0a3c53736846034f882b82ee6351791a7815bbb45715d79
PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/73/ca/1c724be89e603eb8b5587ea24c63a8c30094c8ff4d990780b5033ee15c40
PYTHON_DJANGO_LICENSE = BSD-3-Clause, MIT (jquery, utils/archive.py), BSD-2-Clause (inlines.js)
PYTHON_DJANGO_LICENSE_FILES = LICENSE \
django/contrib/gis/measure.py \