python3-django: fix CVE-2025-64459 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Haixiao Yan <haixiao.yan.cn@windriver.com>	2026-04-10 15:04:59 +0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-15 14:10:33 +0530
commit	151e634ed297eec8d9b269c2b08001fd76f4cc62 (patch)
tree	2cc93ce861031d31ac3dcbf6e28df3d01b3bf02e /meta-python/recipes-devtools/python/python3-strenum
parent	c14dcffcd77b7b9d0d1f3473f98d51ffe2b166e9 (diff)
download	meta-openembedded-151e634ed297eec8d9b269c2b08001fd76f4cc62.tar.gz

python3-django: fix CVE-2025-64459

The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the class Q() were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the _connector argument. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64459 https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html Upstream-patch: https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241 https://github.com/django/django/commit/4624ed769c0f7caea0d48ac824a75fa6b6f17671 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-strenum')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: