meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-07-19 15:29:08 +02:00

History

Stefan Ghinea 660e62b645 python3-django: fix CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: `4036d62bda` Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>	2021-04-21 08:26:07 -07:00
..
CVE-2021-28658.patch	python3-django: fix CVE-2021-28658	2021-04-21 08:26:07 -07:00

Stefan Ghinea 660e62b645 python3-django: fix CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
4036d62bda

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>

2021-04-21 08:26:07 -07:00

CVE-2021-28658.patch python3-django: fix CVE-2021-28658 2021-04-21 08:26:07 -07:00