mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-02-17 15:20:32 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: fix CVE-2021-28658

Browse Source 
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
4036d62bda

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Stefan Ghinea
2021-04-23 11:53:56 +08:00
committed by Armin Kuster
parent e2aef4022a
commit aef354a0c2
2 changed files with 291 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta-python/recipes-devtools/python/python3-django_2.2.16.bb
View File

@@ -7,3 +7,5 @@ SRC_URI[sha256sum] = "62cf45e5ee425c52e411c0742e641a6588b7e8af0d2c274a27940931b2
RDEPENDS_${PN} += "\
${PYTHON_PN}-sqlparse \
"
SRC_URI += "file://CVE-2021-28658.patch \
"