summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-django-5.0.14/CVE-2025-59681.patch
Commit message (Collapse)AuthorAgeFilesLines
* python3-django: fix CVE-2025-59681Haixiao Yan2026-04-151-0/+178
QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods on MySQL and MariaDB. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-59681 Upstream-patch: https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-05-10 13:05:52 +0000