mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-01 13:49:03 +03:00
cb208416c3
Fixes the following security issues (2.2.10): - CVE-2020-7471: Potential SQL injection via StringAgg(delimiter) django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. For more details, see the advisory: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ Fixes the following security issues (2.2.11): - CVE-2020-9402: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle. GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance. For more details, see the advisory: https://www.djangoproject.com/weblog/2020/mar/04/security-releases/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>