From 8a6a03eff877634cc5cab74c36a46421e6a2a5af Mon Sep 17 00:00:00 2001
From: Wentao Zhang <wentao.zhang@windriver.com>
Date: Tue, 22 Aug 2023 09:21:12 +0800
Subject: [PATCH] Debian: package : fix
 CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047

Upgrade python3-django to 2:2.2.28-1~deb11u2

Refer to:
https://nvd.nist.gov/vuln/detail/CVE-2023-36053
https://nvd.nist.gov/vuln/detail/CVE-2023-23969
https://nvd.nist.gov/vuln/detail/CVE-2023-24580
https://nvd.nist.gov/vuln/detail/CVE-2023-31047

Test Plan:
Pass: downloader
Pass: build-pkgs --clean --all
Pass: build-image
Pass: boot

Closes-bug: #2030472

Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
Change-Id: I34816384079b1d00352d67eea7194071fd1a61fe
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index 8cfe17e9f..0e77b03d6 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -888,7 +888,7 @@ python3-defusedxml  0.6.0-2
 python3-deprecation  2.1.0-1
 python3-dev  3.9.2-3
 python3-distutils  3.9.2-1
-python3-django  2:2.2.28-1~deb11u1  https://snapshot.debian.org/archive/debian/20221120T210808Z/pool/main/p/python-django/python3-django_2.2.28-1~deb11u1_all.deb
+python3-django  2:2.2.28-1~deb11u2  https://snapshot.debian.org/archive/debian-security/20230803T204610Z/pool/updates/main/p/python-django/python3-django_2.2.28-1~deb11u2_all.deb
 python3-django-appconf  1.0.3-1
 python3-django-compressor  2.4-2
 python3-django-debreach  2.0.1-2