mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: fix CVE-2025-57833

Browse Source 
FilteredRelation was subject to SQL injection in column aliases, using a
suitably crafted dictionary, with dictionary expansion, as the **kwargs
passed QuerySet.annotate() or QuerySet.alias().

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-57833

Upstream-patch:
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Haixiao Yan
2026-04-10 15:05:06 +08:00
committed by Anuj Mittal
parent 6f240eceb0
commit 838ca22808
2 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-django_5.0.14.bb
+1
View File
@@ -7,6 +7,7 @@ CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Win
SRC_URI += "file://CVE-2025-64460.patch \
file://CVE-2025-64459-1.patch \
file://CVE-2025-64459-2.patch \
file://CVE-2025-57833.patch \
"
SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11"