From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
To: 74035@debbugs.gnu.org
Cc: ngraves@ngraves.fr
Subject: [bug#74035] [PATCH v2 02/26] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
Date: Tue, 05 Nov 2024 00:08:33 +0800 [thread overview]
Message-ID: <874j4nq8vy.fsf@iscas.ac.cn> (raw)
In-Reply-To: <20241103160239.6772-2-ngraves@ngraves.fr> (Nicolas Graves via Guix-patches via's message of "Sun, 3 Nov 2024 17:01:57 +0100")
[-- Attachment #1: Type: text/plain, Size: 1748 bytes --]
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:
> This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
> CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
> CVE-2023-43665 and CVE-2023-46695.
>
> * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
> [properties]: Add lint-hidden-cve property.
> ---
> gnu/packages/django.scm | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
> index 4404c8368d..4cf043f7c1 100644
> --- a/gnu/packages/django.scm
> +++ b/gnu/packages/django.scm
> @@ -57,13 +57,13 @@ (define-module (gnu packages django)
> (define-public python-django-4.2
> (package
> (name "python-django")
> - (version "4.2.5")
> + (version "4.2.16")
> (source (origin
> (method url-fetch)
> (uri (pypi-uri "Django" version))
> (sha256
> (base32
> - "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
> + "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
> (build-system pyproject-build-system)
> (arguments
> '(#:test-flags
> @@ -140,7 +140,9 @@ (define-public python-django-4.2
> any Web site. Django focuses on automating as much as possible and adhering
> to the @dfn{don't repeat yourself} (DRY) principle.")
> (license license:bsd-3)
> - (properties `((cpe-name . "django")))))
> + (properties `((cpe-name . "django")
> + ;; This CVE seems fixed since 4.2.1.
> + (lint-hidden-cve . ("CVE-2023-31047"))))))
>
> (define-public python-django-3.2
> (package
apply.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2024-11-04 16:09 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-26 22:29 [bug#74035] [PATCH 00/24] [security fixes] for near-leaf packages Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 02/24] gnu: maradns: Update to 3.5.0036. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 03/24] gnu: maradns: Improve style Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 04/24] gnu: libmobi: Update to 0.12. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 05/24] gnu: bart: Update to 0.9.00. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 06/24] gnu: wireshark: Update to 4.4.1. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 07/24] gnu: pam-u2f: Update to 1.3.0. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 08/24] gnu: darkhttpd: Update to 1.16. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 09/24] gnu: xlsxio: Update to 0.2.35. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 10/24] gnu: pypy: Update to 7.3.17. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 11/24] gnu: indent: Remove uneeded arguments Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 12/24] gnu: indent: Add patch for CVE-2024-0911. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 13/24] gnu: squashfs-tools: Update to 4.6.1. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 14/24] gnu: shapelib: Update to 1.6.1. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 15/24] gnu: libzapojit: Update to 0.0.3-1.99d49ba. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 16/24] gnu: gifsicle: Update to 1.95. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 17/24] gnu: sendmail: Update to 8.18.1. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 18/24] gnu: openvpn: Update to 2.6.12. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 19/24] gnu: youtube-dl: Deprecate package Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 20/24] gnu: liblouis: Update to 3.31.0. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 21/24] gnu: unicorn: Update to 2.1.1. " Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 22/24] gnu: Add sexpp Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 23/24] gnu: rnp: Update to 0.17.1. [security fixes] Nicolas Graves via Guix-patches via
2024-10-26 22:42 ` [bug#74035] [PATCH 24/24] gnu: cjson: Update to 1.7.18. " Nicolas Graves via Guix-patches via
2024-11-03 16:01 ` [bug#74035] [PATCH v2 01/26] gnu: libyang: Update to 3.4.2. " Nicolas Graves via Guix-patches via
2024-11-03 16:01 ` [bug#74035] [PATCH v2 02/26] gnu: python-django-4.2: Update to 4.2.16. " Nicolas Graves via Guix-patches via
2024-11-04 16:08 ` Zheng Junjie [this message]
2024-11-03 16:01 ` [bug#74035] [PATCH v2 03/26] gnu: maradns: Update to 3.5.0036. " Nicolas Graves via Guix-patches via
2024-11-04 16:09 ` Zheng Junjie
2024-11-03 16:01 ` [bug#74035] [PATCH v2 04/26] gnu: maradns: Improve style Nicolas Graves via Guix-patches via
2024-11-04 16:09 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 05/26] gnu: libmobi: Update to 0.12. [security fixes] Nicolas Graves via Guix-patches via
2024-11-04 11:57 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 06/26] gnu: bart: Update to 0.9.00. " Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 07/26] gnu: wireshark: Update to 4.4.1. " Nicolas Graves via Guix-patches via
2024-11-04 9:38 ` Z572
2024-11-03 16:02 ` [bug#74035] [PATCH v2 08/26] gnu: pam-u2f: Update to 1.3.0. " Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 09/26] gnu: darkhttpd: Update to 1.16. " Nicolas Graves via Guix-patches via
2024-11-04 9:40 ` Z572
2024-11-03 16:02 ` [bug#74035] [PATCH v2 10/26] gnu: xlsxio: Update to 0.2.35. " Nicolas Graves via Guix-patches via
2024-11-04 16:12 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 11/26] gnu: pypy: Update to 7.3.17. " Nicolas Graves via Guix-patches via
2024-11-04 9:39 ` Z572
2024-11-03 16:02 ` [bug#74035] [PATCH v2 12/26] gnu: indent: Remove uneeded arguments Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 13/26] gnu: indent: Add patch for CVE-2024-0911. [security fixes] Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 14/26] gnu: squashfs-tools: Update to 4.6.1. " Nicolas Graves via Guix-patches via
2024-11-04 11:59 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 15/26] gnu: shapelib: Update to 1.6.1. " Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 16/26] gnu: libzapojit: Update to 0.0.3-1.99d49ba. " Nicolas Graves via Guix-patches via
2024-11-04 16:06 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 17/26] gnu: gifsicle: Update to 1.95. " Nicolas Graves via Guix-patches via
2024-11-04 11:58 ` Zheng Junjie
2024-11-03 16:02 ` [bug#74035] [PATCH v2 18/26] gnu: sendmail: Update to 8.18.1. " Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 19/26] gnu: openvpn: Update to 2.6.12. " Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 20/26] gnu: liblouis: Update to 3.31.0. " Nicolas Graves via Guix-patches via
2024-11-04 11:58 ` Zheng Junjie
2024-11-06 16:09 ` Ludovic Courtès
2024-11-07 11:21 ` Z572
2024-11-03 16:02 ` [bug#74035] [PATCH v2 21/26] gnu: youtube-dl: Deprecate package Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 22/26] gnu: unicorn: Update to 2.1.1. [security fixes] Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 23/26] gnu: Add sexpp Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 24/26] gnu: rnp: Update to 0.17.1. [security fixes] Nicolas Graves via Guix-patches via
2024-11-03 16:02 ` [bug#74035] [PATCH v2 25/26] gnu: cjson: Update to 1.7.18. " Nicolas Graves via Guix-patches via
2024-11-04 9:39 ` Z572
2024-11-03 16:02 ` [bug#74035] [PATCH v2 26/26] gnu: snapcast: Update to 0.29.0. " Nicolas Graves via Guix-patches via
2024-11-04 16:08 ` [bug#74035] [PATCH v2 01/26] gnu: libyang: Update to 3.4.2. " Zheng Junjie
2024-11-05 23:10 ` [bug#74035] [PATCH v3 0/8] [security] fixes for near-leaf packages Nicolas Graves via Guix-patches via
2024-11-05 23:10 ` [bug#74035] [PATCH v3 1/8] gnu: bart: Update to 0.9.00. [security fixes] Nicolas Graves via Guix-patches via
2024-11-05 23:10 ` [bug#74035] [PATCH v3 2/8] gnu: pam-u2f: Update to 1.3.0. " Nicolas Graves via Guix-patches via
2024-11-05 23:10 ` [bug#74035] [PATCH v3 3/8] gnu: sendmail: Update to 8.18.1. " Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 1/8] gnu: bart: Update to 0.9.00. " Nicolas Graves via Guix-patches via
2024-11-11 11:47 ` Maxim Cournoyer
2024-11-11 15:23 ` Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 2/8] gnu: pam-u2f: Update to 1.3.0. " Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 3/8] gnu: sendmail: Update to 8.18.1. " Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 4/8] gnu: openvpn: Update to 2.6.12. " Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 5/8] gnu: youtube-dl: Deprecate package Nicolas Graves via Guix-patches via
2024-11-11 11:48 ` Maxim Cournoyer
2024-11-11 15:22 ` Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 6/8] gnu: unicorn: Update to 2.1.1. [security fixes] Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 7/8] gnu: Add sexpp Nicolas Graves via Guix-patches via
2024-11-05 23:13 ` [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes] Nicolas Graves via Guix-patches via
2024-11-11 13:14 ` Maxim Cournoyer
2024-11-11 15:23 ` Nicolas Graves via Guix-patches via
2024-11-12 11:54 ` bug#74035: " Maxim Cournoyer
2024-11-12 14:12 ` [bug#74035] " Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874j4nq8vy.fsf@iscas.ac.cn \
--to=zhengjunjie@iscas.ac.cn \
--cc=74035@debbugs.gnu.org \
--cc=ngraves@ngraves.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).