python3-django: Fix CVE-2024-38875

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. References: https://nvd.nist.gov/vuln/detail/CVE-2024-38875 https://github.com/advisories/GHSA-qg2p-9jwr-mmqf Upstream-patch: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:17:53 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:20:02 -0500
commit: 580693f8b9e0e27ba984d83e3e4b4b8a749b8480 (patch)
tree: c6a8f7ee7bc81aeb9b6bd2b537b27d6f8c8953d0 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: ff5e933e58384b180a339fb8808478db1ff4ade7 (diff)
download: meta-openembedded-580693f8b9e0e27ba984d83e3e4b4b8a749b8480.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 7f5861f5d3..f082de9d72 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2023-46695.patch \
            file://CVE-2024-24680.patch \
            file://CVE-2024-42005.patch \
+            file://CVE-2024-38875.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:17:53 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:20:02 -0500
commit	580693f8b9e0e27ba984d83e3e4b4b8a749b8480 (patch)
tree	c6a8f7ee7bc81aeb9b6bd2b537b27d6f8c8953d0 /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	ff5e933e58384b180a339fb8808478db1ff4ade7 (diff)
download	meta-openembedded-580693f8b9e0e27ba984d83e3e4b4b8a749b8480.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 7f5861f5d3..f082de9d72 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
12	file://CVE-2023-46695.patch \	12	file://CVE-2023-46695.patch \
13	file://CVE-2024-24680.patch \	13	file://CVE-2024-24680.patch \
14	file://CVE-2024-42005.patch \	14	file://CVE-2024-42005.patch \
		15	file://CVE-2024-38875.patch \
15	"	16	"
16		17
17	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	18	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"