python3-django: fix CVE-2024-24680

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://security-tracker.debian.org/tracker/CVE-2024-24680 https://docs.djangoproject.com/en/dev/releases/4.2.10/ Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> 2024-04-16 10:40:54 +0000
committer: Armin Kuster <akuster808@gmail.com> 2024-04-28 13:10:23 -0400
commit: ac06a6540499c2492c6f4eb87481ba4df83a21cb (patch)
tree: 0a1ee908001f0cc49019738b0b1f992d24a82d9d /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: bd7b2ebf21b4b9e382d05b685aba18a08b224249 (diff)
download: meta-openembedded-ac06a6540499c2492c6f4eb87481ba4df83a21cb.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 8c955e6bd8..cbd2c69c05 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2023-41164.patch \
            file://CVE-2023-43665.patch \
            file://CVE-2023-46695.patch \
+            file://CVE-2024-24680.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Rahul Janani Pandi <RahulJanani.Pandi@windriver.com>	2024-04-16 10:40:54 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-04-28 13:10:23 -0400
commit	ac06a6540499c2492c6f4eb87481ba4df83a21cb (patch)
tree	0a1ee908001f0cc49019738b0b1f992d24a82d9d /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	bd7b2ebf21b4b9e382d05b685aba18a08b224249 (diff)
download	meta-openembedded-ac06a6540499c2492c6f4eb87481ba4df83a21cb.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 8c955e6bd8..cbd2c69c05 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
10	file://CVE-2023-41164.patch \	10	file://CVE-2023-41164.patch \
11	file://CVE-2023-43665.patch \	11	file://CVE-2023-43665.patch \
12	file://CVE-2023-46695.patch \	12	file://CVE-2023-46695.patch \
		13	file://CVE-2024-24680.patch \
13	"	14	"
14		15
15	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	16	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"