Accepting request 890932 from home:aplanas:branches:devel:languages:python:django

- Update to 3.2.2 (CVE-2021-32052) OBS-URL: https://build.opensuse.org/request/show/890932 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:django/python-Django?expand=0&rev=82
2021-05-07 08:11:13 +00:00
parent bc6d5ae53b
commit 8622f84af6
6 changed files with 81 additions and 71 deletions
--- a/python-Django.changes
+++ b/python-Django.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu May  6 08:54:41 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Update to 3.2.2 (CVE-2021-32052)
+  + CVE-2021-32052: Header injection possibility since URLValidator
+    accepted newlines in input on Python 3.9.5+
+  + Prevented, following a regression in Django 3.2.1, makemigrations
+    from generating infinite migrations for a model with Meta.ordering
+    contained OrderBy expressions
+
 -------------------------------------------------------------------
 Wed May  5 17:25:18 UTC 2021 - Ben Greiner <code@bnavigator.de>