python3-django: Fix CVE-2024-39614

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-39614 Upstream-patch: https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:17:56 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:20:12 -0500
commit: 91d60c9b0aafc368acdc034cc5f86fdf7d0a3343 (patch)
tree: 47b2fe23038a8e8afe84b6fb42599a64aabd418d /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: e13c721bed30ec9ab67a6c802314b3fb2cd97831 (diff)
download: meta-openembedded-91d60c9b0aafc368acdc034cc5f86fdf7d0a3343.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index d8fc147f19..d06f48b1b7 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-42005.patch \
            file://CVE-2024-38875.patch \
            file://CVE-2023-23969.patch \
+            file://CVE-2024-39614.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:17:56 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:20:12 -0500
commit	91d60c9b0aafc368acdc034cc5f86fdf7d0a3343 (patch)
tree	47b2fe23038a8e8afe84b6fb42599a64aabd418d /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	e13c721bed30ec9ab67a6c802314b3fb2cd97831 (diff)
download	meta-openembedded-91d60c9b0aafc368acdc034cc5f86fdf7d0a3343.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index d8fc147f19..d06f48b1b7 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
14	file://CVE-2024-42005.patch \	14	file://CVE-2024-42005.patch \
15	file://CVE-2024-38875.patch \	15	file://CVE-2024-38875.patch \
16	file://CVE-2023-23969.patch \	16	file://CVE-2023-23969.patch \
		17	file://CVE-2024-39614.patch \
17	"	18	"
18		19
19	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	20	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"