python3-django: Fix CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
floatformat template filter is subject to significant memory consumption when
given a string representation of a number in scientific notation with a large
exponent.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41989

Upstream-patches:
https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124
https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c
https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index d06f48b1b7..dc7e12ad73 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -15,6 +15,10 @@ SRC_URI += "file://CVE-2023-31047.patch \
             file://CVE-2024-38875.patch \
             file://CVE-2023-23969.patch \
             file://CVE-2024-39614.patch \
+            file://CVE-2024-41989-0001.patch \
+            file://CVE-2024-41989-0002.patch \
+            file://CVE-2024-41989-0003.patch \
+            file://CVE-2024-41989-0004.patch \
            "
 
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"