python3-django: Fix CVE-2024-45230

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45230 Upstream-patch: https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Soumya Sambu <soumya.sambu@windriver.com> 2025-01-10 13:18:00 +0000
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:23:02 -0500
commit: b4feba446d7a8f8232528c4b2ee936e5b98ced3d (patch)
tree: 6c0bdb1b0ca864a54fdd5de45ddce37dcdfab2cd /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent: aa9e8a5557adbd25b5ebaa090c0843dc6b042f1d (diff)
download: meta-openembedded-b4feba446d7a8f8232528c4b2ee936e5b98ced3d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index b46fdfc42b..275a61622d 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -21,6 +21,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-41989-0004.patch \
            file://CVE-2024-41990.patch \
            file://CVE-2024-41991.patch \
+            file://CVE-2024-45230.patch \
           "
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
author	Soumya Sambu <soumya.sambu@windriver.com>	2025-01-10 13:18:00 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:23:02 -0500
commit	b4feba446d7a8f8232528c4b2ee936e5b98ced3d (patch)
tree	6c0bdb1b0ca864a54fdd5de45ddce37dcdfab2cd /meta-python/recipes-devtools/python/python3-django_2.2.28.bb
parent	aa9e8a5557adbd25b5ebaa090c0843dc6b042f1d (diff)
download	meta-openembedded-b4feba446d7a8f8232528c4b2ee936e5b98ced3d.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index b46fdfc42b..275a61622d 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -21,6 +21,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
21	file://CVE-2024-41989-0004.patch \	21	file://CVE-2024-41989-0004.patch \
22	file://CVE-2024-41990.patch \	22	file://CVE-2024-41990.patch \
23	file://CVE-2024-41991.patch \	23	file://CVE-2024-41991.patch \
		24	file://CVE-2024-45230.patch \
24	"	25	"
25		26
26	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"	27	SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"