python3-django: fix CVE-2023-41164 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-09-26 11:24:28 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-09-27 10:23:14 -0400
commit	ab9a31fabcb959129798644cdac61e4606daf75c (patch)
tree	781c679ac21f8547592e10e13fd6929800c2bdc9 /meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
parent	b25e6a9e9111cbc0fc71e0e96c560c5cd2ee845d (diff)
download	meta-openembedded-ab9a31fabcb959129798644cdac61e4606daf75c.tar.gz

python3-django: fix CVE-2023-41164

In Django 3.2 before 3.2.21, 4 before 4.1.11, and 4.2 before 4.2.5, ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of service attack via certain inputs with a very large number of Unicode characters. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://security-tracker.debian.org/tracker/CVE-2023-41164 https://www.djangoproject.com/weblog/2023/sep/04/security-releases/ Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: