GNU bug report logs - #74035
[PATCH 00/24] [security fixes] for near-leaf packages

Package: guix-patches

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Sat, 26 Oct 2024 22:34:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Message #215 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org>
Cc: Nicolas Graves <ngraves <at> ngraves.fr>, 74035 <at> debbugs.gnu.org
Subject: Re: [bug#74035] [PATCH v2 02/26] gnu: python-django-4.2: Update to
 4.2.16. [security fixes]
Date: Tue, 05 Nov 2024 00:08:33 +0800
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:

> This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
> CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
> CVE-2023-43665 and CVE-2023-46695.
>
> * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
> [properties]: Add lint-hidden-cve property.
> ---
>  gnu/packages/django.scm | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
> index 4404c8368d..4cf043f7c1 100644
> --- a/gnu/packages/django.scm
> +++ b/gnu/packages/django.scm
> @@ -57,13 +57,13 @@ (define-module (gnu packages django)
>  (define-public python-django-4.2
>    (package
>      (name "python-django")
> -    (version "4.2.5")
> +    (version "4.2.16")
>      (source (origin
>                (method url-fetch)
>                (uri (pypi-uri "Django" version))
>                (sha256
>                 (base32
> -                "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
> +                "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
>      (build-system pyproject-build-system)
>      (arguments
>       '(#:test-flags
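Review bot: The version line in this hunk moves from 4.2.5 straight to 4.2.16 while the '#:test-flags' argument below it stays as unchanged context, so please confirm the existing test flags still match the 4.2.16 test suite and that the package builds and passes with them. The commit message names nine CVEs but gives no pointer to where each was fixed; a reference to the upstream release notes or advisories in the commit log would let a reader check that 4.2.16 covers all of them. The new base32 hash cannot be verified from the diff itself, so whoever applies this should fetch the 4.2.16 source independently and compare.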
> @@ -140,7 +140,9 @@ (define-public python-django-4.2
>  any Web site.  Django focuses on automating as much as possible and adhering
>  to the @dfn{don't repeat yourself} (DRY) principle.")
>      (license license:bsd-3)
> -    (properties `((cpe-name . "django")))))
> +    (properties `((cpe-name . "django")
> +                  ;; This CVE seems fixed since 4.2.1.
> +                  (lint-hidden-cve . ("CVE-2023-31047"))))))
>  
>  (define-public python-django-3.2
>    (package
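Review bot: The comment added above lint-hidden-cve says CVE-2023-31047 "seems fixed since 4.2.1", which leaves the suppression resting on an unverified impression. Since a hidden CVE no longer shows up in lint output, the comment should state where the fix is confirmed (the upstream release notes or advisory for 4.2.1) and, if known, why the linter still matches this version, for example ";; Fixed upstream in 4.2.1, see <reference>." with the reference filled in by the author.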

apply.

This bug report was last modified 192 days ago.
