Merge pull request #64270 from alyssais/cve-2019-12781

python3Packages.django: fix CVE-2019-12781

pkgs/development/python-modules/django/1_11.nix

@@ -5,11 +5,11 @@
 
 buildPythonPackage rec {
   pname = "Django";
-  version = "1.11.21";
+  version = "1.11.22";
 
   src = fetchurl {
     url = "https://www.djangoproject.com/m/releases/1.11/${pname}-${version}.tar.gz";
-    sha256 = "0adhcw8sx2mgwk9y2j760y96pqbip1ni3sf2v2ls5zxc9x93wwms";
+    sha256 = "0if8p7sgbvpy3m8d25pw1x232s14ndd60w5s5d88jl3hl505s3c3";
   };
 
   patches = stdenv.lib.optionals withGdal [

pkgs/development/python-modules/django/1_8.nix

@@ -28,6 +28,9 @@ buildPythonPackage rec {
       # The patches were not backported due to Django 1.8 having reached EOL
       https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
       https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
+      https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
+      https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
+      https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
     ];
   };
 

pkgs/development/python-modules/django/2_1.nix

@@ -6,13 +6,13 @@
 
 buildPythonPackage rec {
   pname = "Django";
-  version = "2.1.9";
+  version = "2.1.10";
 
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1nkqylj6hz7k45mvwch2y5cc06ncnzbxnzw2d7vbv10azzsdwljh";
+    sha256 = "0n794x17x8q2jzjm12glb900y53r3bxg8dafvl65djiglm4abqk5";
   };
 
   patches = stdenv.lib.optionals withGdal [

pkgs/development/python-modules/django/2_2.nix

@@ -6,13 +6,13 @@
 
 buildPythonPackage rec {
   pname = "Django";
-  version = "2.2.2";
+  version = "2.2.3";
 
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1xbqsa016szsqx6pnggrlxs81169hd8adzmdvp969007xg9k0gbm";
+    sha256 = "1sn0a7yjipwxrplh1x4kr77a93xzik1inh07bxwaqaw94qdzc8sd";
   };
 
   patches = stdenv.lib.optional withGdal