python3-django: Fix CVE-2024-41989

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41989 Upstream-patches: 08c5a78726 4b066bde69 dcd9746983 fc76660f58 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-06 16:58:24 +00:00 · 2025-01-10 13:17:57 +00:00
parent 91d60c9b0a
commit 46701493ac
5 changed files with 238 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -15,6 +15,10 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-38875.patch \
            file://CVE-2023-23969.patch \
            file://CVE-2024-39614.patch \
+            file://CVE-2024-41989-0001.patch \
+            file://CVE-2024-41989-0002.patch \
+            file://CVE-2024-41989-0003.patch \
+            file://CVE-2024-41989-0004.patch \
           "

 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"