helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-04 03:49:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
meta-openembedded/meta-python/recipes-devtools/python/python3-django-2.2.16
History
Stefan Ghinea f01a9056a9 python3-django: fix CVE-2021-28658 
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
4036d62bda

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit aef354a0c29a4c6aad4ace53190b5573c78d881b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2021-07-05 14:54:38 -07:00
..
CVE-2021-28658.patch