mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-17 22:48:28 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: fix for CVE-2023-31047

Browse Source 
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1,
it was possible to bypass validation when using one form field to
upload multiple files. This multiple upload has never been supported
by forms.FileField or forms.ImageField (only the last uploaded file was
validated). However, Django's "Uploading multiple files" documentation
suggested otherwise.

Since, there is no ptest available for python3-django so have not tested
the patch changes at runtime.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Narpat Mali
2023-05-26 13:41:37 +00:00
committed by Armin Kuster
parent 26b9ab59fc
commit e43d068788
2 changed files with 354 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta-python/recipes-devtools/python/python3-django_2.2.28.bb
View File

@@ -5,6 +5,8 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
inherit setuptools3
SRC_URI += "file://CVE-2023-31047.patch"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
RDEPENDS:${PN} += "\