python3-django 5.0.11: ignore CVE-2025-27556

Upstream Repository: https://github.com/django/django.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556 Type: Security Advisory CVE: CVE-2025-27556 Score: 7.5 Analysis: - CVE-2025-27556 affects Django 5.1 before 5.1.8 and 5.0 before 5.0.14. - The issue occurs due to slow NFKC normalization on Windows, which can cause a denial-of-service (DoS) when handling inputs containing a very large number of Unicode characters. - Affected Django components: django.contrib.auth.views.LoginView django.contrib.auth.views.LogoutView django.views.i18n.set_language - This performance degradation is specific to Windows, caused by the Windows Unicode normalization implementation. Reference: - https://nvd.nist.gov/vuln/detail/CVE-2025-27556 - https://github.com/django/django/commit/2cb311f7b069 Signed-off-by: Anil Dongare <adongare@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Anil Dongare <adongare@cisco.com> 2025-11-07 02:21:14 -0800
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2025-11-12 11:28:54 +0530
commit: e8a6ea8f4b8c9e7973a6e9e21afaa8eeb989fc35 (patch)
tree: 01d891d99290a9bcc39f9fd9bac716007b8456d5 /meta-python/recipes-devtools/python
parent: f029d9802632a9a5ab0f6944bc00e7e1f596eb65 (diff)
download: meta-openembedded-e8a6ea8f4b8c9e7973a6e9e21afaa8eeb989fc35.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb
index 5060f3c9ad..43be30c7ec 100644
--- a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb
+++ b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb
@@ -1,6 +1,9 @@
 require python-django.inc
 inherit setuptools3
+# Windows-specific DoS via NFKC normalization, not applicable to Linux
+CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows"
 SRC_URI[sha256sum] = "e7d98fa05ce09cb3e8d5ad6472fb602322acd1740bfdadc29c8404182d664f65"
 RDEPENDS:${PN} += "\
author	Anil Dongare <adongare@cisco.com>	2025-11-07 02:21:14 -0800
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-11-12 11:28:54 +0530
commit	e8a6ea8f4b8c9e7973a6e9e21afaa8eeb989fc35 (patch)
tree	01d891d99290a9bcc39f9fd9bac716007b8456d5 /meta-python/recipes-devtools/python
parent	f029d9802632a9a5ab0f6944bc00e7e1f596eb65 (diff)
download	meta-openembedded-e8a6ea8f4b8c9e7973a6e9e21afaa8eeb989fc35.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb index 5060f3c9ad..43be30c7ec 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb
@@ -1,6 +1,9 @@
1	require python-django.inc	1	require python-django.inc
2	inherit setuptools3	2	inherit setuptools3
3		3
		4	# Windows-specific DoS via NFKC normalization, not applicable to Linux
		5	CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows"
		6
4	SRC_URI[sha256sum] = "e7d98fa05ce09cb3e8d5ad6472fb602322acd1740bfdadc29c8404182d664f65"	7	SRC_URI[sha256sum] = "e7d98fa05ce09cb3e8d5ad6472fb602322acd1740bfdadc29c8404182d664f65"
5		8
6	RDEPENDS:${PN} += "\	9	RDEPENDS:${PN} += "\