238911 – www/py-django22: Update to 2.2.3 (bugfix & security release)

Bug 238911 - www/py-django22: Update to 2.2.3 (bugfix & security release)

Summary: www/py-django22: Update to 2.2.3 (bugfix & security release)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Wen Heping

URL:	https://docs.djangoproject.com/en/2.2...
Keywords:	security

Depends on:
Blocks:

Reported:	2019-07-01 09:59 UTC by Kubilay Kocak
Modified:	2019-07-07 07:26 UTC (History)
CC List:	3 users (show)

See Also:	238910

Flags:	bugzilla: maintainer-feedback? (python) koobs: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kubilay Kocak freebsd_committer

2019-07-01 09:59:22 UTC

2.2.3 fixes:

CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS¶

And two regressions in 2.2/2.2.1

Comment 1 Walter Schwarzenfeld freebsd_triage

2019-07-01 14:13:30 UTC

See ports r505572.

Comment 2 Wen Heping freebsd_committer

2019-07-01 14:15:57 UTC

Sorry I committed the update without noticing your PR.

wen

Comment 3 Kubilay Kocak freebsd_committer

2019-07-01 14:19:26 UTC

That's OK, please reference the PR's when committing the VuXML entries

Comment 4 commit-hook freebsd_committer

2019-07-01 14:39:45 UTC

A commit references this bug:

Author: wen
Date: Mon Jul  1 14:39:36 UTC 2019
New revision: 505575
URL: https://svnweb.freebsd.org/changeset/ports/505575

Log:
  - Document Django vulnerabilities.

  PR:		238911, 238910
  Submitted by:	koobs@

Changes:
  head/security/vuxml/vuln.xml