Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

django: [18.09] CVE-2019-3498 #54941

Merged
merged 6 commits into from
Jan 31, 2019

Conversation

dotlambda
Copy link
Member

@dotlambda dotlambda commented Jan 30, 2019

Motivation for this change

Backport of #54940.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

cc @georgewhewell

marsam and others added 6 commits January 30, 2019 14:51
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python3.6-django/versions

(cherry picked from commit 1330965)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python3.7-django/versions

(cherry picked from commit 375f2c2)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python3.7-django/versions

(cherry picked from commit 0f5b4ec)
@dotlambda dotlambda added 1.severity: security 8.has: port to stable A PR already has a backport to the stable release. labels Jan 30, 2019
@dotlambda dotlambda requested a review from lsix January 30, 2019 13:57
@dotlambda dotlambda requested a review from FRidh as a code owner January 30, 2019 13:57
@grahamc grahamc changed the title [18.09] CVE-2019-3498 django: [18.09] CVE-2019-3498 Jan 30, 2019
@dotlambda
Copy link
Member Author

Tested every dependency except sage (to which this change shouldn't make any difference) using nix-review. The reported failures (buildbot buildbot-full buildbot-ui python27Packages.django-sites python36Packages.channels python36Packages.django-sites) are also present in the release-18.09 branch.

@dotlambda dotlambda merged commit 5769ebc into NixOS:release-18.09 Jan 31, 2019
@dotlambda dotlambda deleted the CVE-2019-3498-backport branch January 17, 2024 05:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants