package/python-django: security bump to version 2.1.7 (653f86c0) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 653f86c0 authored Feb 15, 2019 by Peter Korsgaard Committed by Thomas Petazzoni Feb 15, 2019

package/python-django: security bump to version 2.1.7

Fixes the following security issues:

CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.

https://docs.djangoproject.com/en/2.1/releases/2.1.6/

2.1.6 contained a packaging error, fixed by 2.1.7:

https://docs.djangoproject.com/en/2.1/releases/2.1.7/



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent 92f34e8f

Hide whitespace changes

Inline Side-by-side

Please register or to comment