mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-15 16:31:33 +00:00
Code Issues Projects Releases Wiki Activity
Files
4da92ed9be41734f6ced46b981958e2e868cbff2
meta-openembedded/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
Narpat Mali e43d068788 python3-django: fix for CVE-2023-31047 
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1,
it was possible to bypass validation when using one form field to
upload multiple files. This multiple upload has never been supported
by forms.FileField or forms.ImageField (only the last uploaded file was
validated). However, Django's "Uploading multiple files" documentation
suggested otherwise.

Since, there is no ptest available for python3-django so have not tested
the patch changes at runtime.

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-06-17 13:49:44 -04:00

15 lines
346 B
BlitzBasic
Raw Blame History

require python-django.inc
# Pin to 2.2.x LTS releases ONLY for this recipe
UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
inherit setuptools3
SRC_URI += "file://CVE-2023-31047.patch"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
RDEPENDS:${PN} += "\
${PYTHON_PN}-sqlparse \
"
Reference in New Issue View Git Blame Copy Permalink