home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/python-django
History
Peter Korsgaard 1082b6f9f3 package/python-django: security bump to version 4.1.13 
Fixes the following (Windows-only) security issue:

CVE-2023-46695: Potential denial of service vulnerability in UsernameField
on Windows

The NFKC normalization is slow on Windows.  As a consequence,
django.contrib.auth.forms.UsernameField was subject to a potential denial of
service attack via certain inputs with a very large number of Unicode
characters.

In order to avoid the vulnerability, invalid values longer than
UsernameField.max_length are no longer normalized, since they cannot pass
validation anyway.

https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2023-11-08 19:05:48 +01:00
..
Config.in package/python-django: add missing python-zlib runtime dependency 2023-05-29 16:57:23 +02:00
python-django.hash package/python-django: security bump to version 4.1.13 2023-11-08 19:05:48 +01:00
python-django.mk package/python-django: security bump to version 4.1.13 2023-11-08 19:05:48 +01:00