mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 17:59:59 +00:00
Haixiao Yan
838ca22808
FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-57833 Upstream-patch: https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92 Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
18 lines
547 B
BlitzBasic
18 lines
547 B
BlitzBasic
require python-django.inc
|
|
inherit setuptools3
|
|
|
|
# Windows-specific DoS via NFKC normalization, not applicable to Linux
|
|
CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows"
|
|
|
|
SRC_URI += "file://CVE-2025-64460.patch \
|
|
file://CVE-2025-64459-1.patch \
|
|
file://CVE-2025-64459-2.patch \
|
|
file://CVE-2025-57833.patch \
|
|
"
|
|
SRC_URI[sha256sum] = "29019a5763dbd48da1720d687c3522ef40d1c61be6fb2fad27ed79e9f655bc11"
|
|
|
|
RDEPENDS:${PN} += "\
|
|
python3-sqlparse \
|
|
python3-asgiref \
|
|
"
|