From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id mJHOObRwHWe7ngAA62LTzQ:P1 (envelope-from ) for ; Sat, 26 Oct 2024 22:44:05 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id mJHOObRwHWe7ngAA62LTzQ (envelope-from ) for ; Sun, 27 Oct 2024 00:44:05 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=ArpiYFfo; dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b="B/YqP9aa"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1729982644; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=pxk7UZfXkYvn1LkT9YH2e2k0/sOL0hU4dQ8JC7xa7pM=; b=IBK+AKekZbxUU+u5xgPFvSiYfx7lYaGFsPKNSdFjk802gMA/voDrPllMSv+YQCp+MlH0s6 LChCQdNhdXT6GsFnb22DntXAPBXezfpuwiD2bgQB+8J7YkYBymlY5MOf8iQx7t0m4RdSfM AYbxCJDKXWkJ3l3RD7U5qqdx800cxoBvOZaGpAF0RNCbcY6PLtpA1fp6Q3o6LCGZLk6GmA f3NuuotN5MiL0B2gLGvebtQVqXfwpEqboWcae8oeI5MlJFllj5JMcXKW35B8DJzE0poVYC 52Y/RGowPECrTE59iuzkLLm9Ki90Cv7IkClvyaYNwfhONwI/kgNSvv+vclNmzg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=ArpiYFfo; dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b="B/YqP9aa"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1729982644; a=rsa-sha256; cv=none; b=IwzYK0QDa309LlsOX/TvKiTYTSlcRCBaaAMQaPAoFG79boNbmDIaIL96/U16csgEZOm8Fc EO4KCRWkPkjHJoIHJWM+YoQKyRFkrlpL+jNkKh2cJ0ptarkWoStu7JbmXA42tbvGzZkiac 5jrmiwZW7pRGldAUGylrGqggB2BBfKDVyXSWCl42+pt9HJ63w3kIzUDLptIXZ3eByYGqfa 8/F5SpDtx4u211lE/pLxW3+lXZVg1WDFbdnkWmtjd4ntQsOlUoEej3OjrN01k+xChZ3kTm vR812RVClOTKnxr5TckujF6kU7+mnHBTXykIowXPL0GqBGCicUXqhASDTI2oXg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A33D544AFC for ; Sun, 27 Oct 2024 00:44:04 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t4pVN-0008Uw-4M; Sat, 26 Oct 2024 18:43:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t4pVJ-0008Pu-Av for guix-patches@gnu.org; Sat, 26 Oct 2024 18:43:29 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1t4pVJ-0007Cb-2g for guix-patches@gnu.org; Sat, 26 Oct 2024 18:43:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=pxk7UZfXkYvn1LkT9YH2e2k0/sOL0hU4dQ8JC7xa7pM=; b=ArpiYFfoU1UXydOLJUPodr2XVtABDY1JXKu5q98Qu5kYFC7k91NAnq99XZDp/FCW8xtAZQJAkz6CaCdwlr87wgjuY69sqi6DYp41jlmjBDPZb5z7bHwhZ7q/PUEZNwj3PvJy6ANmO0lX2bb7ldVgcI/qg5KL8zipzWA5SxG3j1Tv2dxF7vEBnIVw/ZKoiQzfpIQXdyehRbO7EaeAmXrn/A2BHfukp/bZY0zyPOhvjnwEorz5nwMrLclqCxdD8RD6fEMobDjD7wmlRX73rx0KO005rJnXsLEv9RF3DcO9f5UXBN7JJPCxgHecsLuejzXuD95V3TpkX8abtwg6E52Jtw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1t4pVq-0006jp-UM for guix-patches@gnu.org; Sat, 26 Oct 2024 18:44:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes] References: <20241026223238.26667-1-ngraves@ngraves.fr> In-Reply-To: <20241026223238.26667-1-ngraves@ngraves.fr> Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 26 Oct 2024 22:44:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74035 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74035@debbugs.gnu.org Cc: Nicolas Graves Received: via spool by 74035-submit@debbugs.gnu.org id=B74035.172998262625796 (code B ref 74035); Sat, 26 Oct 2024 22:44:02 +0000 Received: (at 74035) by debbugs.gnu.org; 26 Oct 2024 22:43:46 +0000 Received: from localhost ([127.0.0.1]:42993 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t4pVa-0006hu-AQ for submit@debbugs.gnu.org; Sat, 26 Oct 2024 18:43:46 -0400 Received: from 20.mo581.mail-out.ovh.net ([46.105.49.208]:37013) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t4pVX-0006hd-9V for 74035@debbugs.gnu.org; Sat, 26 Oct 2024 18:43:44 -0400 Received: from director5.ghost.mail-out.ovh.net (unknown [10.109.148.34]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4XbZRw1LCfz1Hr9 for <74035@debbugs.gnu.org>; Sat, 26 Oct 2024 22:43:08 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-dk7fm (unknown [10.110.178.131]) by director5.ghost.mail-out.ovh.net (Postfix) with ESMTPS id E934D1FDD5; Sat, 26 Oct 2024 22:43:07 +0000 (UTC) Received: from ngraves.fr ([37.59.142.108]) by ghost-submission-5b5ff79f4f-dk7fm with ESMTPSA id 7KuHLntwHWehlBYAbQeWaQ (envelope-from ); Sat, 26 Oct 2024 22:43:07 +0000 X-OVh-ClientIp: 86.246.19.221 Date: Sun, 27 Oct 2024 00:42:22 +0200 Message-ID: <20241026224300.30694-1-ngraves@ngraves.fr> X-Mailer: git-send-email 2.46.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Ovh-Tracer-Id: 8105353433055290082 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeeftddrvdejhedgudefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufffkffoggfgsedtkeertdertddtnecuhfhrohhmpefpihgtohhlrghsucfirhgrvhgvshcuoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqnecuggftrfgrthhtvghrnhepkeffgeetfffgffejgeejvdffgfdtvdeuueetgfefuedvjeegvdegjeejveeuueevnecukfhppeduvdejrddtrddtrddupdekiedrvdegiedrudelrddvvddupdefjedrheelrddugedvrddutdeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehnghhrrghvvghssehnghhrrghvvghsrdhfrhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeejgedtfeehseguvggssghughhsrdhgnhhurdhorhhgpdfovfetjfhoshhtpehmohehkedupdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=pxk7UZfXkYvn1LkT9YH2e2k0/sOL0hU4dQ8JC7xa7pM=; c=relaxed/relaxed; d=ngraves.fr; h=From; s=ovhmo4487190-selector1; t=1729982588; v=1; b=B/YqP9aalZAfS6cV0Vloa4a6h/WS5JoXp1iMUsXWSOYlQOBYUprehBtL+qRjk4JqXqj0V9qe nvWrQAZWuU1tPCKY/4gaiq5RGeXvjId/L0FDb6+3xeCzquTQna96z8DMneNDIsrMUAUZBCDDqKg vuW6XwoRehpq9r72qR2QWeYTELEWCWQk5oq+OrIXaLkmQvAFzo8Xcc840JfNu2FOqSmaZKZoxHU ArEJ2IP3cncvVeTWUzZRIwk74FQa+wZWniMaTx8BjwCXbqpIfj/g23Tx48rkgywx2wx9evvJWVr xtrEG6E9lbnPa2syLbYvAelV5r7tb9j2Kd+TQcy6PAG2A== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches From: Nicolas Graves via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 0.52 X-Spam-Score: 0.52 X-Migadu-Queue-Id: A33D544AFC X-TUID: GQBqyKCCN1FO This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2023-43665 and CVE-2023-46695. * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16. [properties]: Add lint-hidden-cve property. --- gnu/packages/django.scm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm index 4404c8368d..4cf043f7c1 100644 --- a/gnu/packages/django.scm +++ b/gnu/packages/django.scm @@ -57,13 +57,13 @@ (define-module (gnu packages django) (define-public python-django-4.2 (package (name "python-django") - (version "4.2.5") + (version "4.2.16") (source (origin (method url-fetch) (uri (pypi-uri "Django" version)) (sha256 (base32 - "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y")))) + "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg")))) (build-system pyproject-build-system) (arguments '(#:test-flags @@ -140,7 +140,9 @@ (define-public python-django-4.2 any Web site. Django focuses on automating as much as possible and adhering to the @dfn{don't repeat yourself} (DRY) principle.") (license license:bsd-3) - (properties `((cpe-name . "django"))))) + (properties `((cpe-name . "django") + ;; This CVE seems fixed since 4.2.1. + (lint-hidden-cve . ("CVE-2023-31047")))))) (define-public python-django-3.2 (package -- 2.46.0