diff options
author | Narpat Mali <narpat.mali@windriver.com> | 2023-09-26 11:24:28 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-09-27 10:23:14 -0400 |
commit | ab9a31fabcb959129798644cdac61e4606daf75c (patch) | |
tree | 781c679ac21f8547592e10e13fd6929800c2bdc9 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb | |
parent | b25e6a9e9111cbc0fc71e0e96c560c5cd2ee845d (diff) | |
download | meta-openembedded-contrib-ab9a31fabcb959129798644cdac61e4606daf75c.tar.gz |
python3-django: fix CVE-2023-41164
In Django 3.2 before 3.2.21, 4 before 4.1.11, and 4.2 before 4.2.5,
``django.utils.encoding.uri_to_iri()`` was subject to potential denial
of service attack via certain inputs with a very large number of Unicode
characters.
Since, there is no ptest available for python3-django so have not
tested the patch changes at runtime.
References:
https://security-tracker.debian.org/tracker/CVE-2023-41164
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django_2.2.28.bb')
-rw-r--r-- | meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index ec65a985da..c35323f455 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb @@ -7,6 +7,7 @@ inherit setuptools3 SRC_URI += "file://CVE-2023-31047.patch \ file://CVE-2023-36053.patch \ + file://CVE-2023-41164.patch \ " SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413" |