python3-django: fix CVE-2025-59681 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Haixiao Yan <haixiao.yan.cn@windriver.com>	2026-04-10 15:05:07 +0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-15 14:12:18 +0530
commit	9757d0151b92601c4c6fd05baf7e328afa000213 (patch)
tree	81f0600f78ce53bb03ec284351b4032b044c5bff /meta-python/recipes-devtools/python/python3-icu
parent	838ca228086821cf82b3de83fb78412c6d2784c8 (diff)
download	meta-openembedded-9757d0151b92601c4c6fd05baf7e328afa000213.tar.gz

python3-django: fix CVE-2025-59681

QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods on MySQL and MariaDB. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-59681 Upstream-patch: https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-icu')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: