meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-31 09:40:23 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Narpat Mali	ac60beb44f	python3-django: fix CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://github.com/advisories/GHSA-jh3w-4vvf-mjgr `454f2fb934` Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-08-25 10:45:34 -04:00
Narpat Mali	e43d068788	python3-django: fix for CVE-2023-31047 In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-06-17 13:49:44 -04:00
Xu Huan	bc92c3e718	python3-django: upgrade 2.2.27 -> 2.2.28 Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <tvgamblin@gmail.com>	2022-04-22 16:26:22 +00:00

Narpat Mali

ac60beb44f

python3-django: fix CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3,
EmailValidator and URLValidator are subject to a potential ReDoS
(regular expression denial of service) attack via a very large
number of domain name labels of emails and URLs.

Since, there is no ptest available for python3-django so have not
tested the patch changes at runtime.

References:
https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
454f2fb934

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-08-25 10:45:34 -04:00

Narpat Mali

e43d068788

python3-django: fix for CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1,
it was possible to bypass validation when using one form field to
upload multiple files. This multiple upload has never been supported
by forms.FileField or forms.ImageField (only the last uploaded file was
validated). However, Django's "Uploading multiple files" documentation
suggested otherwise.

Since, there is no ptest available for python3-django so have not tested
the patch changes at runtime.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-06-17 13:49:44 -04:00

Xu Huan

bc92c3e718

python3-django: upgrade 2.2.27 -> 2.2.28

Signed-off-by: Xu Huan <xuhuan.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <tvgamblin@gmail.com>

2022-04-22 16:26:22 +00:00

3 Commits