summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-57833.patch
Commit message (Collapse)AuthorAgeFilesLines
* python3-django: fix CVE-2025-57833Haixiao Yan2026-04-151-0/+88
FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-57833 Upstream-patch: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>