Date: Sun, 1 Feb 2015 17:57:58 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r378256 - in branches/2015Q1: security/vuxml www/py-django www/py-django-devel www/py-django14 www/py-django15 www/py-django16 Message-ID: <201502011757.t11Hvwo8010487@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu Date: Sun Feb 1 17:57:57 2015 New Revision: 378256 URL: https://svnweb.freebsd.org/changeset/ports/378256 QAT: https://qat.redports.org/buildarchive/r378256/ Log: MFH: r377750 Document Django 2014-01-13 vulnerabilty MFH: r377751 - Update to 1.7.3 Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e MFH: r377752 - Update to 1.6.10 Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e MFH: r377753 - Update to 1.4.18 Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e MFH: r377754 - Update to 20150124 snapshot Security: 9c7b6c20-a324-11e4-879c-00e0814cab4e MFH: r377755 - Mark DEPRECATED since it is not supported by upstream MFH: r377804 - Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e Approved by: ports-secteam (delphij) Modified: branches/2015Q1/security/vuxml/vuln.xml branches/2015Q1/www/py-django-devel/Makefile branches/2015Q1/www/py-django-devel/distinfo branches/2015Q1/www/py-django/Makefile branches/2015Q1/www/py-django/distinfo branches/2015Q1/www/py-django14/Makefile branches/2015Q1/www/py-django14/distinfo branches/2015Q1/www/py-django15/Makefile branches/2015Q1/www/py-django16/Makefile branches/2015Q1/www/py-django16/distinfo Directory Properties: branches/2015Q1/ (props changed) Modified: branches/2015Q1/security/vuxml/vuln.xml ============================================================================== --- branches/2015Q1/security/vuxml/vuln.xml Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/security/vuxml/vuln.xml Sun Feb 1 17:57:57 2015 (r378256) @@ -57,6 +57,81 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="9c7b6c20-a324-11e4-879c-00e0814cab4e"> + <topic>django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py27-django</name> + <range><ge>1.4</ge><lt>1.4.18</lt></range> + <range><ge>1.5</ge><le>1.5.12</le></range> + <range><ge>1.6</ge><lt>1.6.10</lt></range> + <range><ge>1.7</ge><lt>1.7.3</lt></range> + </package> + <package> + <name>py32-django</name> + <range><ge>1.4</ge><lt>1.4.18</lt></range> + <range><ge>1.5</ge><le>1.5.12</le></range> + <range><ge>1.6</ge><lt>1.6.10</lt></range> + <range><ge>1.7</ge><lt>1.7.3</lt></range> + </package> + <package> + <name>py33-django</name> + <range><ge>1.4</ge><lt>1.4.18</lt></range> + <range><ge>1.5</ge><le>1.5.12</le></range> + <range><ge>1.6</ge><lt>1.6.10</lt></range> + <range><ge>1.7</ge><lt>1.7.3</lt></range> + </package> + <package> + <name>py34-django</name> + <range><ge>1.4</ge><lt>1.4.18</lt></range> + <range><ge>1.5</ge><le>1.5.12</le></range> + <range><ge>1.6</ge><lt>1.6.10</lt></range> + <range><ge>1.7</ge><lt>1.7.3</lt></range> + </package> + <package> + <name>py27-django-devel</name> + <range><lt>20150124,1</lt></range> + </package> + <package> + <name>py32-django-devel</name> + <range><lt>20150124,1</lt></range> + </package> + <package> + <name>py33-django-devel</name> + <range><lt>20150124,1</lt></range> + </package> + <package> + <name>py34-django-devel</name> + <range><lt>20150124,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Django project reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2015/jan/13/security/">; + <p>Today the Django team is issuing multiple releases -- + Django 1.4.18, Django 1.6.10, and Django 1.7.3 -- as part of our + security process. These releases are now available on PyPI and our + download page.</p> + <p>These releases address several security issues. We encourage all + users of Django to upgrade as soon as possible.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.djangoproject.com/weblog/2015/jan/13/security/</url>; + <cvename>CVE-2015-0219</cvename> + <cvename>CVE-2015-0220</cvename> + <cvename>CVE-2015-0221</cvename> + <cvename>CVE-2015-0222</cvename> + </references> + <dates> + <discovery>2015-01-13</discovery> + <entry>2015-01-23</entry> + <modified>2015-01-24</modified> + </dates> + </vuln> + <vuln vid="c3d43001-8064-11e4-801f-0022156e8794"> <topic>mutt -- denial of service via crafted mail message</topic> <affects> Modified: branches/2015Q1/www/py-django-devel/Makefile ============================================================================== --- branches/2015Q1/www/py-django-devel/Makefile Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django-devel/Makefile Sun Feb 1 17:57:57 2015 (r378256) @@ -14,14 +14,14 @@ COMMENT= High-level Python Web framework LICENSE= BSD3CLAUSE -SNAPSHOTDATE= 20140821 +SNAPSHOTDATE= 20150124 USES= cpe gettext python USE_GITHUB= yes USE_PYTHON= autoplist distutils GH_ACCOUNT= ${PORTNAME} -GH_TAGNAME= ad96254 +GH_TAGNAME= f8e4e4a GH_COMMIT= ${GH_TAGNAME} CONFLICTS= py2[0-9]-django-[0-9]* Modified: branches/2015Q1/www/py-django-devel/distinfo ============================================================================== --- branches/2015Q1/www/py-django-devel/distinfo Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django-devel/distinfo Sun Feb 1 17:57:57 2015 (r378256) @@ -1,2 +1,2 @@ -SHA256 (python/Django-20140821.tar.gz) = c93f6e71e46480f8fe63b015717f784d3f06bbfa7149f4677b67c608efec00ad -SIZE (python/Django-20140821.tar.gz) = 7536234 +SHA256 (python/Django-20150124.tar.gz) = 439d887de4dcceacd88e12779388270a1f654a650db4cc85ddfd1e130b2d0fb4 +SIZE (python/Django-20150124.tar.gz) = 7438215 Modified: branches/2015Q1/www/py-django/Makefile ============================================================================== --- branches/2015Q1/www/py-django/Makefile Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django/Makefile Sun Feb 1 17:57:57 2015 (r378256) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.7 +PORTVERSION= 1.7.3 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION}/ \ CHEESESHOP Modified: branches/2015Q1/www/py-django/distinfo ============================================================================== --- branches/2015Q1/www/py-django/distinfo Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django/distinfo Sun Feb 1 17:57:57 2015 (r378256) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.7.tar.gz) = 33f781f17f145f79ee8e0b8d753498e0e0188f0b53b2accad4045d623422d5e1 -SIZE (python/Django-1.7.tar.gz) = 7486550 +SHA256 (python/Django-1.7.3.tar.gz) = f226fb8aa438456968d403f6739de1cf2dad128db86f66ee2b41dfebe3645c5b +SIZE (python/Django-1.7.3.tar.gz) = 7589559 Modified: branches/2015Q1/www/py-django14/Makefile ============================================================================== --- branches/2015Q1/www/py-django14/Makefile Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django14/Makefile Sun Feb 1 17:57:57 2015 (r378256) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.4.15 +PORTVERSION= 1.4.18 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION:R}/ \ CHEESESHOP Modified: branches/2015Q1/www/py-django14/distinfo ============================================================================== --- branches/2015Q1/www/py-django14/distinfo Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django14/distinfo Sun Feb 1 17:57:57 2015 (r378256) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.4.15.tar.gz) = aa57ceb345091c25648b41c98a6f46fffd7884695fa884c7039291177ded14e9 -SIZE (python/Django-1.4.15.tar.gz) = 7754429 +SHA256 (python/Django-1.4.18.tar.gz) = bfd326fe490d03a2a86466fcb1ac335e7d8d58bc498cfe2311b1d751b515521f +SIZE (python/Django-1.4.18.tar.gz) = 7876896 Modified: branches/2015Q1/www/py-django15/Makefile ============================================================================== --- branches/2015Q1/www/py-django15/Makefile Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django15/Makefile Sun Feb 1 17:57:57 2015 (r378256) @@ -14,6 +14,9 @@ DIST_SUBDIR= python MAINTAINER= lwhsu@FreeBSD.org COMMENT= High-level Python Web framework +DEPRECATED= not supported by upstream +EXPIRATION_DATE= 2015-02-28 + LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE Modified: branches/2015Q1/www/py-django16/Makefile ============================================================================== --- branches/2015Q1/www/py-django16/Makefile Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django16/Makefile Sun Feb 1 17:57:57 2015 (r378256) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= django -PORTVERSION= 1.6.7 +PORTVERSION= 1.6.10 CATEGORIES= www python MASTER_SITES= https://www.djangoproject.com/m/releases/${PORTVERSION}/ \ CHEESESHOP Modified: branches/2015Q1/www/py-django16/distinfo ============================================================================== --- branches/2015Q1/www/py-django16/distinfo Sun Feb 1 17:49:26 2015 (r378255) +++ branches/2015Q1/www/py-django16/distinfo Sun Feb 1 17:57:57 2015 (r378256) @@ -1,2 +1,2 @@ -SHA256 (python/Django-1.6.7.tar.gz) = 9a64211c96a3262bb2545acc82af5d8f3da0175299f7c7e901e4ed455be965fb -SIZE (python/Django-1.6.7.tar.gz) = 6647301 +SHA256 (python/Django-1.6.10.tar.gz) = 54eb59ce785401c7d1fdeed245efce597e90f811d6a20f6b5c6931c0049d63a6 +SIZE (python/Django-1.6.10.tar.gz) = 6760152
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502011757.t11Hvwo8010487>