python3-django: fix CVE-2025-64459

The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the class Q() were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64459 https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html Upstream-patch: https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Haixiao Yan <haixiao.yan.cn@windriver.com> 2025-12-18 10:43:31 +0800
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-18 09:10:52 +0100
commit: 0d509157592d7dae633276bac651c1edaf2e0f08 (patch)
tree: 41246894ce0302c0cc18a0d6941d779e74f36d42 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: 8611f92c20ba3aab57f3586a6a2e3b9cd1fe00c7 (diff)
download: meta-openembedded-0d509157592d7dae633276bac651c1edaf2e0f08.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 87830e4bc3..24b86a3e26 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -31,6 +31,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-39329.patch \
            file://CVE-2024-39330.patch \
            file://CVE-2025-32873.patch \
+            file://CVE-2025-64459.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Haixiao Yan <haixiao.yan.cn@windriver.com>	2025-12-18 10:43:31 +0800
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-18 09:10:52 +0100
commit	0d509157592d7dae633276bac651c1edaf2e0f08 (patch)
tree	41246894ce0302c0cc18a0d6941d779e74f36d42 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	8611f92c20ba3aab57f3586a6a2e3b9cd1fe00c7 (diff)
download	meta-openembedded-0d509157592d7dae633276bac651c1edaf2e0f08.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 87830e4bc3..24b86a3e26 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -31,6 +31,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
31	file://CVE-2024-39329.patch \	31	file://CVE-2024-39329.patch \
32	file://CVE-2024-39330.patch \	32	file://CVE-2024-39330.patch \
33	file://CVE-2025-32873.patch \	33	file://CVE-2025-32873.patch \
		34	file://CVE-2025-64459.patch \
34	"	35	"
35		36
36	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	37	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"