From patchwork Sat Oct 26 22:42:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Graves X-Patchwork-Id: 69499 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 3DD9727BBEA; Sat, 26 Oct 2024 23:44:04 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id EE6E227BBE2 for ; Sat, 26 Oct 2024 23:44:03 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t4pVN-0008Uw-4M; Sat, 26 Oct 2024 18:43:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t4pVJ-0008Pu-Av for guix-patches@gnu.org; Sat, 26 Oct 2024 18:43:29 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1t4pVJ-0007Cb-2g for guix-patches@gnu.org; Sat, 26 Oct 2024 18:43:29 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=pxk7UZfXkYvn1LkT9YH2e2k0/sOL0hU4dQ8JC7xa7pM=; b=ArpiYFfoU1UXydOLJUPodr2XVtABDY1JXKu5q98Qu5kYFC7k91NAnq99XZDp/FCW8xtAZQJAkz6CaCdwlr87wgjuY69sqi6DYp41jlmjBDPZb5z7bHwhZ7q/PUEZNwj3PvJy6ANmO0lX2bb7ldVgcI/qg5KL8zipzWA5SxG3j1Tv2dxF7vEBnIVw/ZKoiQzfpIQXdyehRbO7EaeAmXrn/A2BHfukp/bZY0zyPOhvjnwEorz5nwMrLclqCxdD8RD6fEMobDjD7wmlRX73rx0KO005rJnXsLEv9RF3DcO9f5UXBN7JJPCxgHecsLuejzXuD95V3TpkX8abtwg6E52Jtw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1t4pVq-0006jp-UM for guix-patches@gnu.org; Sat, 26 Oct 2024 18:44:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes] References: <20241026223238.26667-1-ngraves@ngraves.fr> In-Reply-To: <20241026223238.26667-1-ngraves@ngraves.fr> Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 26 Oct 2024 22:44:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74035 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74035@debbugs.gnu.org Cc: Nicolas Graves Received: via spool by 74035-submit@debbugs.gnu.org id=B74035.172998262625796 (code B ref 74035); Sat, 26 Oct 2024 22:44:02 +0000 Received: (at 74035) by debbugs.gnu.org; 26 Oct 2024 22:43:46 +0000 Received: from localhost ([127.0.0.1]:42993 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t4pVa-0006hu-AQ for submit@debbugs.gnu.org; Sat, 26 Oct 2024 18:43:46 -0400 Received: from 20.mo581.mail-out.ovh.net ([46.105.49.208]:37013) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t4pVX-0006hd-9V for 74035@debbugs.gnu.org; Sat, 26 Oct 2024 18:43:44 -0400 Received: from director5.ghost.mail-out.ovh.net (unknown [10.109.148.34]) by mo581.mail-out.ovh.net (Postfix) with ESMTP id 4XbZRw1LCfz1Hr9 for <74035@debbugs.gnu.org>; Sat, 26 Oct 2024 22:43:08 +0000 (UTC) Received: from ghost-submission-5b5ff79f4f-dk7fm (unknown [10.110.178.131]) by director5.ghost.mail-out.ovh.net (Postfix) with ESMTPS id E934D1FDD5; Sat, 26 Oct 2024 22:43:07 +0000 (UTC) Received: from ngraves.fr ([37.59.142.108]) by ghost-submission-5b5ff79f4f-dk7fm with ESMTPSA id 7KuHLntwHWehlBYAbQeWaQ (envelope-from ); Sat, 26 Oct 2024 22:43:07 +0000 Authentication-Results: garm.ovh; auth=pass (GARM-108S002abb8b42c-e4e8-4845-b369-e527b0c97b79, E6BF9B87AE7FBE7894246B3B643E76DCC103CD4C) smtp.auth=ngraves@ngraves.fr X-OVh-ClientIp: 86.246.19.221 Date: Sun, 27 Oct 2024 00:42:22 +0200 Message-ID: <20241026224300.30694-1-ngraves@ngraves.fr> X-Mailer: git-send-email 2.46.0 MIME-Version: 1.0 X-Ovh-Tracer-Id: 8105353433055290082 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeeftddrvdejhedgudefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefhvfevufffkffoggfgsedtkeertdertddtnecuhfhrohhmpefpihgtohhlrghsucfirhgrvhgvshcuoehnghhrrghvvghssehnghhrrghvvghsrdhfrheqnecuggftrfgrthhtvghrnhepkeffgeetfffgffejgeejvdffgfdtvdeuueetgfefuedvjeegvdegjeejveeuueevnecukfhppeduvdejrddtrddtrddupdekiedrvdegiedrudelrddvvddupdefjedrheelrddugedvrddutdeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepuddvjedrtddrtddruddpmhgrihhlfhhrohhmpehnghhrrghvvghssehnghhrrghvvghsrdhfrhdpnhgspghrtghpthhtohepuddprhgtphhtthhopeejgedtfeehseguvggssghughhsrdhgnhhurdhorhhgpdfovfetjfhoshhtpehmohehkedupdhmohguvgepshhmthhpohhuth DKIM-Signature: a=rsa-sha256; bh=pxk7UZfXkYvn1LkT9YH2e2k0/sOL0hU4dQ8JC7xa7pM=; c=relaxed/relaxed; d=ngraves.fr; h=From; s=ovhmo4487190-selector1; t=1729982588; v=1; b=B/YqP9aalZAfS6cV0Vloa4a6h/WS5JoXp1iMUsXWSOYlQOBYUprehBtL+qRjk4JqXqj0V9qe nvWrQAZWuU1tPCKY/4gaiq5RGeXvjId/L0FDb6+3xeCzquTQna96z8DMneNDIsrMUAUZBCDDqKg vuW6XwoRehpq9r72qR2QWeYTELEWCWQk5oq+OrIXaLkmQvAFzo8Xcc840JfNu2FOqSmaZKZoxHU ArEJ2IP3cncvVeTWUzZRIwk74FQa+wZWniMaTx8BjwCXbqpIfj/g23Tx48rkgywx2wx9evvJWVr xtrEG6E9lbnPa2syLbYvAelV5r7tb9j2Kd+TQcy6PAG2A== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches X-Patchwork-Original-From: Nicolas Graves via Guix-patches via From: Nicolas Graves Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2023-43665 and CVE-2023-46695. * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16. [properties]: Add lint-hidden-cve property. --- gnu/packages/django.scm | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm index 4404c8368d..4cf043f7c1 100644 --- a/gnu/packages/django.scm +++ b/gnu/packages/django.scm @@ -57,13 +57,13 @@ (define-module (gnu packages django) (define-public python-django-4.2 (package (name "python-django") - (version "4.2.5") + (version "4.2.16") (source (origin (method url-fetch) (uri (pypi-uri "Django" version)) (sha256 (base32 - "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y")))) + "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg")))) (build-system pyproject-build-system) (arguments '(#:test-flags @@ -140,7 +140,9 @@ (define-public python-django-4.2 any Web site. Django focuses on automating as much as possible and adhering to the @dfn{don't repeat yourself} (DRY) principle.") (license license:bsd-3) - (properties `((cpe-name . "django"))))) + (properties `((cpe-name . "django") + ;; This CVE seems fixed since 4.2.1. + (lint-hidden-cve . ("CVE-2023-31047")))))) (define-public python-django-3.2 (package