Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2025-01-23T00:20:09+00:00 2025-01-23T00:20:09+00:00 Soumya Sambu soumya.sambu@windriver.com 2025-01-10T13:17:55+00:00 urn:sha1:e13c721bed30ec9ab67a6c802314b3fb2cd97831 In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. References: https://nvd.nist.gov/vuln/detail/CVE-2023-23969 Upstream-patch: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>