python3-django: fix CVE-2021-28658 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Stefan Ghinea <stefan.ghinea@windriver.com>	2021-04-23 11:53:56 +0800
committer	Armin Kuster <akuster808@gmail.com>	2021-07-05 14:54:38 -0700
commit	f01a9056a997bc180af0644bfc640d3e6ea5fb62 (patch)
tree	175271e2469546124737311b738854cf14ccc15a /meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
parent	f1d5b6260f7ebf89a524a632ef523b7f3c01b1b3 (diff)
download	meta-openembedded-f01a9056a997bc180af0644bfc640d3e6ea5fb62.tar.gz

python3-django: fix CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit aef354a0c29a4c6aad4ace53190b5573c78d881b) Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: