Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2023-06-17T17:50:15+00:00 2023-06-17T17:50:15+00:00 Narpat Mali narpat.mali@windriver.com 2023-05-29T14:44:14+00:00 urn:sha1:9ea78f00a460d2c2f6e1cd49121e5e41eb2c68a4 The delta between 3.2.12 and 3.2.19 contain numerous CVEs and other bugfixes. git log --oneline 3.2.12..3.2.19 shows: fc42edd2e6 (tag: 3.2.19) [3.2.x] Bumped version for 3.2.19 release. eed53d0011 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field. 007e46d815 [3.2.x] Added missing backticks in docs/releases/1.7.txt. a37e4d5d6e [3.2.x] Added stub release notes for 3.2.19. 963f24cff2 [3.2.x] Added CVE-2023-24580 to security archive. e34a2283f2 [3.2.x] Post-release version bump. 722e9f8a38 (tag: 3.2.18) [3.2.x] Bumped version for 3.2.18 release. a665ed5179 [3.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 932b5bd52d [3.2.x] Added stub release notes for 3.2.18. c35a5788f4 [3.2.x] Added CVE-2023-23969 to security archive. 9bd8db3940 [3.2.x] Post-release version bump. aed1bb56d1 (tag: 3.2.17) [3.2.x] Bumped version for 3.2.17 release. c7e0151fdf [3.2.x] Fixed CVE-2023-23969 -- Prevented DoS with pathological values for Accept-Language. 9da46345d8 [3.2.x] Fixed inspectdb.tests.InspectDBTestCase.test_custom_fields() on SQLite 3.37+. 4c2b26174f [3.2.x] Removed 'tests' path prefix in a couple tests. d21543182d [3.2.x] Adjusted release notes for 3.2.17. 4e31d3ea55 [3.2.x] Added stub release notes for 3.2.17. 238e8898ac [3.2.x] Corrected passenv value for tox 4.0.6+. b381ab4906 [3.2.x] Disabled auto-created table of contents entries on Sphinx 5.2+. f6f0699d01 [3.2.x] Removed obsolete doc reference to asyncio.iscoroutinefunction. accdd0576d [3.2.x] Added CVE-2022-36359 to security archive. 7190b38b8d [3.2.x] Post-release version bump. 4c85beca9d (tag: 3.2.16) [3.2.x] Bumped version for 3.2.16 release. 5b6b257fa7 [3.2.x] Fixed CVE-2022-41323 -- Prevented locales being interpreted as regular expressions. 33affaf0b6 [3.2.x] Added stub notes 3.2.16 release. 777362d74a [3.2.x] Added CVE-2022-36359 to security archive. eb5bdb461e [3.2.x] Post-release version bump. 653a7bd7b7 (tag: 3.2.15) [3.2.x] Bumped version for 3.2.15 release. b3e4494d75 [3.2.x] Fixed CVE-2022-36359 -- Escaped filename in Content-Disposition header. cb7fbac9f8 [3.2.x] Fixed collation tests on MySQL 8.0.30+. 840d009c06 [3.2.x] Fixed inspectdb and schema tests on MariaDB 10.6+. a5eba20f40 Adjusted release notes for 3.2.15. ad104fb50f [3.2.x] Added stub release notes for 3.2.15 release. 22916c8c1f [3.2.x] Fixed RelatedGeoModelTest.test08_defer_only() on MySQL 8+ with MyISAM storage engine. e1cfbe58b7 [3.2.x] Added CVE-2022-34265 to security archive. 605cf0d3f6 [3.2.x] Post-release version bump. 746e88cc63 (tag: 3.2.14) [3.2.x] Bumped version for 3.2.14 release. a9010fe555 [3.2.x] Fixed CVE-2022-34265 -- Protected Trunc(kind)/Extract(lookup_name) against SQL injection. 3acf156be3 [3.2.x] Fixed GEOSTest.test_emptyCollections() on GEOS 3.8.0. 4a5d98ee0a [3.2.x] Bumped minimum Sphinx version to 4.5.0. 1a9098166e [3.2.x] Fixed docs build with sphinxcontrib-spelling 7.5.0+. 37f4de2deb [3.2.x] Added stub release notes for 3.2.14. 7595f763a9 [3.2.x] Fixed test_request_lifecycle_signals_dispatched_with_thread_sensitive with asgiref 3.5.1+. 2dc85ecf3e [3.2.x] Fixed CoveringIndexTests.test_covering_partial_index() when DEFAULT_INDEX_TABLESPACE is set. a23c25d84a [3.2.x] Fixed #33753 -- Fixed docs build on Sphinx 5+. e01b383e02 [3.2.x] Added CVE-2022-28346 and CVE-2022-28347 to security archive. ac2fb5ccb6 [3.2.x] Post-release version bump. 08e6073f87 (tag: 3.2.13) [3.2.x] Bumped version for 3.2.13 release. 9e19accb6e [3.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against SQL injection on PostgreSQL. 2044dac5c6 [3.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases. bdb92dba0b [3.2.x] Fixed #33628 -- Ignored directories with empty names in autoreloader check for template changes. 70035fb044 [3.2.x] Added stub release notes for 3.2.13 and 2.2.28. 7e7ea71a8d [3.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+." 610ecc9053 [3.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+. 754af45773 [3.2.x] Fixed typo in release notes. 6f309165e5 [3.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive. 1e6b555c92 [3.2.x] Post-release version bump. Release Notes: https://docs.djangoproject.com/en/3.2/releases/ Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2022-03-15T19:34:22+00:00 Trevor Gamblin trevor.gamblin@windriver.com 2022-03-14T16:44:09+00:00 urn:sha1:f15c046c742d4d5bc194e568160ec7fa0ff0b71a 3.2.12 fixes CVE-2022-22818 and CVE-2022-23833. See: https://docs.djangoproject.com/en/dev/releases/3.2.12/ Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: tgamblin <trevor.gamblin@windriver.com>