python3-django: Fix CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-53907 Upstream-patch: https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:18:02 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:23:09 -0500
commit: 954acdcf1b7306654dc4aba36a2c423d64ee5a80 (patch)
tree: b578ac15e489dd609e31592f15ce5359503c0037 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: be168328f84eef8007cc8e3f9c2e08c59b036b9d (diff)
download: meta-openembedded-954acdcf1b7306654dc4aba36a2c423d64ee5a80.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 4444d943cf..0478fd3883 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -23,6 +23,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-41991.patch \
            file://CVE-2024-45230.patch \
            file://CVE-2024-45231.patch \
+            file://CVE-2024-53907.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:18:02 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:23:09 -0500
commit	954acdcf1b7306654dc4aba36a2c423d64ee5a80 (patch)
tree	b578ac15e489dd609e31592f15ce5359503c0037 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	be168328f84eef8007cc8e3f9c2e08c59b036b9d (diff)
download	meta-openembedded-954acdcf1b7306654dc4aba36a2c423d64ee5a80.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 4444d943cf..0478fd3883 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -23,6 +23,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
23	file://CVE-2024-41991.patch \	23	file://CVE-2024-41991.patch \
24	file://CVE-2024-45230.patch \	24	file://CVE-2024-45230.patch \
25	file://CVE-2024-45231.patch \	25	file://CVE-2024-45231.patch \
		26	file://CVE-2024-53907.patch \
26	"	27	"
27		28
28	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	29	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"