Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next 2025-01-23T00:20:02+00:00 2025-01-23T00:20:02+00:00 Soumya Sambu soumya.sambu@windriver.com 2025-01-10T13:17:53+00:00 urn:sha1:580693f8b9e0e27ba984d83e3e4b4b8a749b8480 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. References: https://nvd.nist.gov/vuln/detail/CVE-2024-38875 https://github.com/advisories/GHSA-qg2p-9jwr-mmqf Upstream-patch: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>