godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-01 13:49:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
5abe7bd726493acd0b9ea4600b7a33ccfaefce2f
buildroot/package/python-django/python-django.hash
Peter Korsgaard cd8bf27f72 package/python-django: security bump to version 4.1.13 
Fixes the following (Windows-only) security issue:

CVE-2023-46695: Potential denial of service vulnerability in UsernameField
on Windows

The NFKC normalization is slow on Windows.  As a consequence,
django.contrib.auth.forms.UsernameField was subject to a potential denial of
service attack via certain inputs with a very large number of Unicode
characters.

In order to avoid the vulnerability, invalid values longer than
UsernameField.max_length are no longer normalized, since they cannot pass
validation anyway.

https://www.djangoproject.com/weblog/2023/nov/01/security-releases/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-11-08 19:10:34 +01:00

6 lines
326 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/django/json
md5 a16208af2aa54cbe97ff79ec4426da84 Django-4.1.13.tar.gz
sha256 94a3f471e833c8f124ee7a2de11e92f633991d975e3fa5bdd91e8abd66426318 Django-4.1.13.tar.gz
# Locally computed sha256 checksums
sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE
Reference in New Issue View Git Blame Copy Permalink