meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00

History

Narpat Mali ac60beb44f python3-django: fix CVE-2023-36053 In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Since, there is no ptest available for python3-django so have not tested the patch changes at runtime. References: https://github.com/advisories/GHSA-jh3w-4vvf-mjgr `454f2fb934` Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-08-25 10:45:34 -04:00
..
CVE-2023-31047.patch	python3-django: fix for CVE-2023-31047	2023-06-17 13:49:44 -04:00
CVE-2023-36053.patch	python3-django: fix CVE-2023-36053	2023-08-25 10:45:34 -04:00

Narpat Mali ac60beb44f python3-django: fix CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3,
EmailValidator and URLValidator are subject to a potential ReDoS
(regular expression denial of service) attack via a very large
number of domain name labels of emails and URLs.

Since, there is no ptest available for python3-django so have not
tested the patch changes at runtime.

References:
https://github.com/advisories/GHSA-jh3w-4vvf-mjgr
454f2fb934

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-08-25 10:45:34 -04:00

CVE-2023-31047.patch python3-django: fix for CVE-2023-31047 2023-06-17 13:49:44 -04:00

CVE-2023-36053.patch python3-django: fix CVE-2023-36053 2023-08-25 10:45:34 -04:00