)]}' { "commit": "c356b20ba8afa79b08fc3d30a1c3f60d9f3c6f65", "tree": "5fe133b839c27afbf4ba7b129b9b4b23de1d9aab", "parents": [ "ff60c4c533096f8fd69c31d9f57ed1daa596d08a" ], "author": { "name": "Peter Korsgaard", "email": "peter@korsgaard.com", "time": "Wed Nov 18 16:47:42 2020 +0100" }, "committer": { "name": "Peter Korsgaard", "email": "peter@korsgaard.com", "time": "Fri Nov 20 18:18:30 2020 +0100" }, "message": "package/python-flask-cors: security bump to version 3.0.9\n\nFixes the following security issue:\n\n- CVE-2020-25032: An issue was discovered in Flask-CORS (aka CORS Middleware\n for Flask) before 3.0.9. It allows ../ directory traversal to access\n private resources because resource matching does not ensure that pathnames\n are in a canonical format.\n\nAlso drop outdated md5 checksum and fix .hash indentation.\n\nSigned-off-by: Peter Korsgaard \u003cpeter@korsgaard.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "a893b7c890ce8bdf6d6ccea10d8c228836d3d275", "old_mode": 33188, "old_path": "package/python-flask-cors/python-flask-cors.hash", "new_id": "15b7d41a320ac3731c325a5c5b98e22ba4cef840", "new_mode": 33188, "new_path": "package/python-flask-cors/python-flask-cors.hash" }, { "type": "modify", "old_id": "60454e27c41869a525c41ab19344c3e344771a8b", "old_mode": 33188, "old_path": "package/python-flask-cors/python-flask-cors.mk", "new_id": "d7121090027de3da171397c27019d097894e1e1b", "new_mode": 33188, "new_path": "package/python-flask-cors/python-flask-cors.mk" } ] }