python3-django: fix CVE-2025-64459 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Haixiao Yan <haixiao.yan.cn@windriver.com>	2025-12-18 10:43:31 +0800
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-18 09:10:52 +0100
commit	0d509157592d7dae633276bac651c1edaf2e0f08 (patch)
tree	41246894ce0302c0cc18a0d6941d779e74f36d42 /meta-python/recipes-devtools/python/python3-simpleeval
parent	8611f92c20ba3aab57f3586a6a2e3b9cd1fe00c7 (diff)
download	meta-openembedded-0d509157592d7dae633276bac651c1edaf2e0f08.tar.gz

python3-django: fix CVE-2025-64459

The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the class Q() were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64459 https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html Upstream-patch: https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-simpleeval')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: