python3-django: fix CVE-2023-36053 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Narpat Mali <narpat.mali@windriver.com>	2023-07-28 08:13:18 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-08-25 10:45:34 -0400
commit	ac60beb44f62181ce48134bac61d89b7c0f4476f (patch)
tree	061a6b35081803e3fef0139bd63cbe575b8a2636 /meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch
parent	99a5eb7a173377c20fc5822896272b0f21edffe0 (diff)
download	meta-openembedded-ac60beb44f62181ce48134bac61d89b7c0f4476f.tar.gz

python3-django: fix CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://github.com/advisories/GHSA-jh3w-4vvf-mjgr https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: