python3-django: patch CVE-2025-64460

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64460 Backport the patch that explicitly references this CVE in its commit message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-11 20:48:21 +00:00 · 2026-02-07 11:33:53 +01:00
parent ba968dda37
commit 4e29baa804
2 changed files with 200 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django_5.0.14.bb
+++ b/meta-python/recipes-devtools/python/python3-django_5.0.14.bb
@@ -4,6 +4,7 @@ inherit setuptools3
 # Windows-specific DoS via NFKC normalization, not applicable to Linux
 CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows"

+SRC_URI += "file://CVE-2025-64460.patch"
 SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11"

 RDEPENDS:${PN} += "\