python3-django: Fix CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. References: https://nvd.nist.gov/vuln/detail/CVE-2023-23969 Upstream-patch: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:17:55 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:20:09 -0500
commit: e13c721bed30ec9ab67a6c802314b3fb2cd97831 (patch)
tree: c735d5063d6409990e8bdcc6dbd7d952709289eb /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: 59ebd5b114dc6215e24a48991bd28f7320b7a055 (diff)
download: meta-openembedded-e13c721bed30ec9ab67a6c802314b3fb2cd97831.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index f082de9d72..d8fc147f19 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -13,6 +13,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-24680.patch \
            file://CVE-2024-42005.patch \
            file://CVE-2024-38875.patch \
+            file://CVE-2023-23969.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:17:55 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:20:09 -0500
commit	e13c721bed30ec9ab67a6c802314b3fb2cd97831 (patch)
tree	c735d5063d6409990e8bdcc6dbd7d952709289eb /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	59ebd5b114dc6215e24a48991bd28f7320b7a055 (diff)
download	meta-openembedded-e13c721bed30ec9ab67a6c802314b3fb2cd97831.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index f082de9d72..d8fc147f19 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -13,6 +13,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
13	file://CVE-2024-24680.patch \	13	file://CVE-2024-24680.patch \
14	file://CVE-2024-42005.patch \	14	file://CVE-2024-42005.patch \
15	file://CVE-2024-38875.patch \	15	file://CVE-2024-38875.patch \
		16	file://CVE-2023-23969.patch \
16	"	17	"
17		18
18	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	19	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"