Summary: | <dev-python/django-{2.2.24,3.1.12,3.2.4}: multiple vulnerabilities (CVE-2021-{33203,33571}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.djangoproject.com/weblog/2021/jun/02/security-releases/ | ||
Whiteboard: | B4 [glsa? cve] | ||
Package list: |
dev-python/django-2.2.24
dev-python/django-3.1.12
dev-python/django-3.2.4
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 788700 |
Description
John Helmert III
2021-06-02 15:18:55 UTC
(In reply to John Helmert III from comment #0) > validate_ipv4_address() and validate_ipv46_address() validators were not > affected on Python 3.9.5+. Actually, we've backported this change to all Python versions. amd64 arm arm64 x86 (ALLARCHES) done all arches done (In reply to Michał Górny from comment #1) > (In reply to John Helmert III from comment #0) > > validate_ipv4_address() and validate_ipv46_address() validators were not > > affected on Python 3.9.5+. > > Actually, we've backported this change to all Python versions. Awesome, please cleanup! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b3e3bf7a80f42ad655e8b07c0aad43ae2742d0e commit 7b3e3bf7a80f42ad655e8b07c0aad43ae2742d0e Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-06-03 06:44:37 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-06-03 06:47:47 +0000 dev-python/django: Remove old Bug: https://bugs.gentoo.org/793911 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 12 ---- dev-python/django/django-2.2.22.ebuild | 92 --------------------------- dev-python/django/django-2.2.23.ebuild | 92 --------------------------- dev-python/django/django-3.1.10.ebuild | 95 ---------------------------- dev-python/django/django-3.1.11.ebuild | 95 ---------------------------- dev-python/django/django-3.2.2.ebuild | 94 ---------------------------- dev-python/django/django-3.2.3-r1.ebuild | 103 ------------------------------- 7 files changed, 583 deletions(-) Thanks! Unable to check for sanity:
> no match for package: dev-python/django-3.1.12
GLSA request filed. Unable to check for sanity:
> no match for package: dev-python/django-2.2.24
|