python3-django: Fix CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. References: https://nvd.nist.gov/vuln/detail/CVE-2024-42005 Upstream-patch: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2024-08-25 15:59:14 +0000
committer: Armin Kuster <akuster808@gmail.com> 2024-08-25 18:12:26 -0400
commit: 376f3a1aba9f20e7f87005b939ec0ee5931705c1 (patch)
tree: c7bb20be96b8c600036f74c11e01840c353a6879 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: b2ad711bcfd910afc0a97cb661a2ce05a530cb39 (diff)
download: meta-openembedded-376f3a1aba9f20e7f87005b939ec0ee5931705c1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index cbd2c69c05..7f5861f5d3 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2023-43665.patch \
            file://CVE-2023-46695.patch \
            file://CVE-2024-24680.patch \
+            file://CVE-2024-42005.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2024-08-25 15:59:14 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-08-25 18:12:26 -0400
commit	376f3a1aba9f20e7f87005b939ec0ee5931705c1 (patch)
tree	c7bb20be96b8c600036f74c11e01840c353a6879 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	b2ad711bcfd910afc0a97cb661a2ce05a530cb39 (diff)
download	meta-openembedded-376f3a1aba9f20e7f87005b939ec0ee5931705c1.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index cbd2c69c05..7f5861f5d3 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -11,6 +11,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
11	file://CVE-2023-43665.patch \	11	file://CVE-2023-43665.patch \
12	file://CVE-2023-46695.patch \	12	file://CVE-2023-46695.patch \
13	file://CVE-2024-24680.patch \	13	file://CVE-2024-24680.patch \
		14	file://CVE-2024-42005.patch \
14	"	15	"
15		16
16	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	17	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"