meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-11 08:38:28 +00:00

Commit Graph

Author	SHA1	Message	Date
Anil Dongare	07810b11ef	python3-django 5.0.11: Fix CVE-2025-26699 Upstream Repository: https://github.com/django/django.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26699 Type: Security Fix CVE: CVE-2025-26699 Score: 7.5 Patch: https://github.com/django/django/commit/e88f7376fe68 Signed-off-by: Anil Dongare <adongare@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-11-12 11:28:54 +05:30
Anil Dongare	e8a6ea8f4b	python3-django 5.0.11: ignore CVE-2025-27556 Upstream Repository: https://github.com/django/django.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556 Type: Security Advisory CVE: CVE-2025-27556 Score: 7.5 Analysis: - CVE-2025-27556 affects Django 5.1 before 5.1.8 and 5.0 before 5.0.14. - The issue occurs due to slow NFKC normalization on Windows, which can cause a denial-of-service (DoS) when handling inputs containing a very large number of Unicode characters. - Affected Django components: django.contrib.auth.views.LoginView django.contrib.auth.views.LogoutView django.views.i18n.set_language - This performance degradation is specific to Windows, caused by the Windows Unicode normalization implementation. Reference: - https://nvd.nist.gov/vuln/detail/CVE-2025-27556 - https://github.com/django/django/commit/2cb311f7b069 Signed-off-by: Anil Dongare <adongare@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-11-12 11:28:54 +05:30
Soumya Sambu	a4a48c8f4b	python3-django: upgrade 5.0.10 -> 5.0.11 Fixes CVE-2024-56374 Release Notes: https://docs.djangoproject.com/en/dev/releases/5.0.11/ Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2025-03-03 08:05:00 -05:00

Author

SHA1

Message

Date

Anil Dongare

07810b11ef

python3-django 5.0.11: Fix CVE-2025-26699

Upstream Repository: https://github.com/django/django.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26699
Type: Security Fix
CVE: CVE-2025-26699
Score: 7.5
Patch: https://github.com/django/django/commit/e88f7376fe68

Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

2025-11-12 11:28:54 +05:30

Anil Dongare

e8a6ea8f4b

python3-django 5.0.11: ignore CVE-2025-27556

Upstream Repository: https://github.com/django/django.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556
Type: Security Advisory
CVE: CVE-2025-27556
Score: 7.5

Analysis:
- CVE-2025-27556 affects Django 5.1 before 5.1.8 and 5.0 before 5.0.14.
- The issue occurs due to slow NFKC normalization on Windows, which can cause
  a denial-of-service (DoS) when handling inputs containing a very large number
  of Unicode characters.
- Affected Django components:
	django.contrib.auth.views.LoginView
	django.contrib.auth.views.LogoutView
	django.views.i18n.set_language

- This performance degradation is specific to Windows, caused by the Windows
  Unicode normalization implementation.

 Reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2025-27556
 - https://github.com/django/django/commit/2cb311f7b069

Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

2025-11-12 11:28:54 +05:30

Soumya Sambu

a4a48c8f4b

python3-django: upgrade 5.0.10 -> 5.0.11

Fixes CVE-2024-56374

Release Notes:
https://docs.djangoproject.com/en/dev/releases/5.0.11/

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2025-03-03 08:05:00 -05:00

3 Commits