From be168328f84eef8007cc8e3f9c2e08c59b036b9d Mon Sep 17 00:00:00 2001
From: Soumya Sambu <soumya.sambu@windriver.com>
Date: Fri, 10 Jan 2025 13:18:01 +0000
Subject: python3-django: Fix CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The
django.contrib.auth.forms.PasswordResetForm class, when used in a view
implementing password reset flows, allows remote attackers to enumerate
user e-mail addresses by sending password reset requests and observing
the outcome (only when e-mail sending is consistently failing).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45231

Upstream-patch:
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-python/recipes-devtools/python/python3-django_2.2.28.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-python/recipes-devtools/python/python3-django_2.2.28.bb')

diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
index 275a61622d..4444d943cf 100644
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -22,6 +22,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
             file://CVE-2024-41990.patch \
             file://CVE-2024-41991.patch \
             file://CVE-2024-45230.patch \
+            file://CVE-2024-45231.patch \
            "
 
 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
-- 
cgit v1.2.3-54-g00ecf