python3-django: Fix CVE-2024-38875

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. References: https://nvd.nist.gov/vuln/detail/CVE-2024-38875 https://github.com/advisories/GHSA-qg2p-9jwr-mmqf Upstream-patch: 79f3687642 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-17 22:48:28 +00:00 · 2025-01-10 13:17:53 +00:00
parent ff5e933e58
commit 580693f8b9
2 changed files with 162 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2023-46695.patch \
            file://CVE-2024-24680.patch \
            file://CVE-2024-42005.patch \
+            file://CVE-2024-38875.patch \
           "

 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"