python3-django: Fix CVE-2024-39614

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-39614 Upstream-patch: 17358fb35f Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-06 16:58:24 +00:00 · 2025-01-10 13:17:56 +00:00
parent e13c721bed
commit 91d60c9b0a
2 changed files with 139 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2024-42005.patch \
            file://CVE-2024-38875.patch \
            file://CVE-2023-23969.patch \
+            file://CVE-2024-39614.patch \
           "

 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"