python3-django: fix CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://github.com/advisories/GHSA-jh3w-4vvf-mjgr https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Narpat Mali <narpat.mali@windriver.com> 2023-07-28 08:13:18 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-08-25 10:45:34 -0400
commit: ac60beb44f62181ce48134bac61d89b7c0f4476f (patch)
tree: 061a6b35081803e3fef0139bd63cbe575b8a2636 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: 99a5eb7a173377c20fc5822896272b0f21edffe0 (diff)
download: meta-openembedded-ac60beb44f62181ce48134bac61d89b7c0f4476f.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 77a1a2a740..ec65a985da 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -5,7 +5,9 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
 inherit setuptools3
-SRC_URI += "file://CVE-2023-31047.patch"
+SRC_URI += "file://CVE-2023-31047.patch \
+            file://CVE-2023-36053.patch \
+           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Narpat Mali <narpat.mali@windriver.com>	2023-07-28 08:13:18 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-08-25 10:45:34 -0400
commit	ac60beb44f62181ce48134bac61d89b7c0f4476f (patch)
tree	061a6b35081803e3fef0139bd63cbe575b8a2636 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	99a5eb7a173377c20fc5822896272b0f21edffe0 (diff)
download	meta-openembedded-ac60beb44f62181ce48134bac61d89b7c0f4476f.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 77a1a2a740..ec65a985da 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -5,7 +5,9 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
5		5
6	inherit setuptools3	6	inherit setuptools3
7		7
8	SRC_URI += "file://CVE-2023-31047.patch"	8	SRC_URI += "file://CVE-2023-31047.patch \
		9	file://CVE-2023-36053.patch \
		10	"
9		11
10	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	12	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
11		13