guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [sec

From: Nicolas Graves
Subject: [bug#74035] [PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
Date: Sun, 27 Oct 2024 00:42:22 +0200 
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.

* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
 gnu/packages/django.scm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
 (define-public python-django-4.2
   (package
     (name "python-django")
-    (version "4.2.5")
+    (version "4.2.16")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Django" version))
               (sha256
                (base32
-                "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+                "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
     (build-system pyproject-build-system)
     (arguments
      '(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
 any Web site.  Django focuses on automating as much as possible and adhering
 to the @dfn{don't repeat yourself} (DRY) principle.")
     (license license:bsd-3)
-    (properties `((cpe-name . "django")))))
+    (properties `((cpe-name . "django")
+                  ;; This CVE seems fixed since 4.2.1.
+                  (lint-hidden-cve . ("CVE-2023-31047"))))))
 
 (define-public python-django-3.2
   (package
-- 
2.46.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]