!120 [sync] PR-116: Update to 4.2.15 to fix CVE-2024-41989, CVE-2024-41990, CVE-2024-41991 and CVE-2024-42005

From: @openeuler-sync-bot 
Reviewed-by: @cherry530 
Signed-off-by: @cherry530
openeuler-ci-bot 2024-08-13 06:22:16 +00:00 committed by Gitee
commit c6fd153566
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 9 additions and 1 deletions

@ -1,6 +1,6 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: python-django Name: python-django
Version: 4.2.14 Version: 4.2.15
Release: 1 Release: 1
Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Summary: A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
License: Apache-2.0 and Python-2.0 and BSD-3-Clause License: Apache-2.0 and Python-2.0 and BSD-3-Clause
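Review bot: the Version bump to 4.2.15 in this hunk is only the spec half of the update. The commit summary says 2 files changed and the other file is not shown, so check that it is the 4.2.15 source archive and verify its checksum against the upstream release before merging. Leaving Release at 1 is right for a new upstream version and agrees with the 4.2.15-1 changelog entry.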
@ -72,6 +72,14 @@ mv %{buildroot}/doclist.lst .
%{_docdir}/* %{_docdir}/*
%changelog %changelog
* Thu Aug 08 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.15-1
- Update to 4.2.15
* CVE-2024-41989: Memory exhaustion in ``django.utils.numberformat.floatformat()``
* CVE-2024-41990: Potential denial-of-service vulnerability in ``django.utils.html.urlize()``
* CVE-2024-41991: Potential denial-of-service vulnerability in ``django.utils.html.urlize()`` and ``AdminURLFieldWidget``
* CVE-2024-42005: Potential SQL injection in ``QuerySet.values()`` and ``values_list()``
* Fixed a regression in Django 4.2.14 that caused a crash in ``LocaleMiddleware`` when processing a language code over 500 characters
* Fri Jul 12 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.14-1 * Fri Jul 12 2024 yaoxin <yao_xin001@hoperun.com> - 4.2.14-1
- Update to 4.2.14 - Update to 4.2.14
* CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize() * CVE-2024-38875: Potential denial-of-service vulnerability in django.utils.html.urlize()
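Review bot: style point on the new 4.2.15-1 changelog entry: the function names are wrapped in reStructuredText double backticks (for example ``django.utils.numberformat.floatformat()``), while the existing 4.2.14-1 entry below it writes django.utils.html.urlize() plain. RPM changelogs are plain text, so drop the backticks to keep the entries consistent. The four CVE ids listed in the entry match the commit title.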