python3-django: fix CVE-2024-24680

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://security-tracker.debian.org/tracker/CVE-2024-24680 https://docs.djangoproject.com/en/dev/releases/4.2.10/ Signed-off-by: Rahul Janani Pandi <RahulJanani.Pandi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-06 04:49:29 +00:00 · 2024-04-16 10:40:54 +00:00
parent bd7b2ebf21
commit ac06a65404
2 changed files with 49 additions and 0 deletions
--- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
+++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://CVE-2023-31047.patch \
            file://CVE-2023-41164.patch \
            file://CVE-2023-43665.patch \
            file://CVE-2023-46695.patch \
+            file://CVE-2024-24680.patch \
           "

 SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"