mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-15 06:10:02 +00:00
Code Issues Projects Releases Wiki Activity
Files
91c3393ce06dbe9716c55b28d5ded68de5d147f9
meta-openembedded/meta-python/recipes-devtools/python/python3-django-5.0.14
T
History
Haixiao Yan 9757d0151b python3-django: fix CVE-2025-59681 
QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and
QuerySet.extra() methods were subject to SQL injection in column aliases, using
a suitably crafted dictionary, with dictionary expansion, as the **kwargs
passed to these methods on MySQL and MariaDB.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-59681

Upstream-patch:
https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-15 14:12:18 +05:30
..
CVE-2025-57833.patch
python3-django: fix CVE-2025-57833
2026-04-15 14:12:18 +05:30
CVE-2025-59681.patch
python3-django: fix CVE-2025-59681
2026-04-15 14:12:18 +05:30
CVE-2025-64459-1.patch
python3-django: fix CVE-2025-64459
2026-04-15 14:10:33 +05:30
CVE-2025-64459-2.patch
python3-django: fix CVE-2025-64459
2026-04-15 14:10:33 +05:30
CVE-2025-64460.patch