mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-12 15:31:45 +00:00
Code Issues Projects Releases Wiki Activity
Files
60fd91cd76b81ab2a652ff40dadb6df76c3099c4
meta-openembedded/meta-python/recipes-devtools/python/python3-django_2.2.28.bb
Soumya Sambu 376f3a1aba python3-django: Fix CVE-2024-42005 
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
QuerySet.values() and values_list() methods on models with a JSONField are
subject to SQL injection in column aliases via a crafted JSON object key
as a passed *arg.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-42005

Upstream-patch:
f4af67b9b4

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-08-25 18:12:26 -04:00

22 lines
612 B
BlitzBasic
Raw Blame History

require python-django.inc
# Pin to 2.2.x LTS releases ONLY for this recipe
UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/"
inherit setuptools3
SRC_URI += "file://CVE-2023-31047.patch \
file://CVE-2023-36053.patch \
file://CVE-2023-41164.patch \
file://CVE-2023-43665.patch \
file://CVE-2023-46695.patch \
file://CVE-2024-24680.patch \
file://CVE-2024-42005.patch \
"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"
RDEPENDS:${PN} += "\
${PYTHON_PN}-sqlparse \
"
Reference in New Issue View Git Blame Copy Permalink