all messages for Guix-related lists mirrored at yhetil.org
From: Nicolas Graves via Guix-patches via <guix-patches@gnu.org>
To: 74035@debbugs.gnu.org
Cc: Nicolas Graves <ngraves@ngraves.fr>
Subject: [bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
Date: Sun, 27 Oct 2024 00:42:22 +0200
Message-ID: <20241026224300.30694-1-ngraves@ngraves.fr>
In-Reply-To: <20241026223238.26667-1-ngraves@ngraves.fr>

This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.

* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
 gnu/packages/django.scm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
 (define-public python-django-4.2
   (package
     (name "python-django")
-    (version "4.2.5")
+    (version "4.2.16")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Django" version))
               (sha256
                (base32
-                "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+                "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
     (build-system pyproject-build-system)
     (arguments
      '(#:test-flags
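Review bot: the new base32 value on the `+` line under `(sha256` cannot be checked from the diff alone, yet it is the only integrity pin for the 4.2.16 tarball fetched through `(pypi-uri "Django" version)`. Please confirm it by fetching the sdist independently (for example with `guix download`) and comparing the printed hash. The bump also jumps from 4.2.5 to 4.2.16 while the `#:test-flags` list stays untouched, so it is worth stating in the commit log that the test suite still passes with the existing flags.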
@@ -140,7 +140,9 @@ (define-public python-django-4.2
 any Web site.  Django focuses on automating as much as possible and adhering
 to the @dfn{don't repeat yourself} (DRY) principle.")
     (license license:bsd-3)
-    (properties `((cpe-name . "django")))))
+    (properties `((cpe-name . "django")
+                  ;; This CVE seems fixed since 4.2.1.
+                  (lint-hidden-cve . ("CVE-2023-31047"))))))
 
 (define-public python-django-3.2
   (package
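Review bot: the comment above `lint-hidden-cve` says the CVE "seems fixed since 4.2.1", which is too tentative for an entry that silences `guix lint` for CVE-2023-31047 on this package from now on. Suggest citing the upstream advisory or release note that confirms the fix and rewording the comment as a definite statement. If `python-django-3.2` just below inherits from this package, its `properties` field comes along unless overridden, so also check that the hidden CVE is not suppressed there without that version being fixed as well.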
-- 
2.46.0




