CVE-2021-28658: MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. Fixed in 2.2.20, 3.0.14, 3.1.8. Please bump.
Unable to check for sanity: > no match for package: dev-python/django-3.0.14
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
amd64 arm arm64 x86 (ALLARCHES) done all arches done
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c543f8d7dedbea08a123afcf000ae2584c712d8 commit 2c543f8d7dedbea08a123afcf000ae2584c712d8 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-04-10 16:40:18 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-04-10 19:35:58 +0000 dev-python/django: Remove old Bug: https://bugs.gentoo.org/780579 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/django/Manifest | 6 -- dev-python/django/django-2.2.19.ebuild | 93 ------------------------------ dev-python/django/django-3.0.13.ebuild | 101 --------------------------------- dev-python/django/django-3.1.7.ebuild | 94 ------------------------------ 4 files changed, 294 deletions(-)
Thanks!
GLSA request filed.
Package list is empty or all packages have requested keywords.