[meta-python,scarthgap,v2,0/8] python3-django CVE fixes

Message ID	20251022232633.1703690-1-ankur.tyagi85@gmail.com
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.216.46, mailfrom: ankur.tyagi85@gmail.com) From: Ankur Tyagi <ankur.tyagi85@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> Subject: [oe][meta-python][scarthgap][PATCH v2 0/8] python3-django CVE fixes Date: Thu, 23 Oct 2025 12:26:23 +1300 Message-ID: <20251022232633.1703690-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	python3-django CVE fixes \| expand [meta-python,scarthgap,v2,0/8] python3-django CVE fixes [meta-python,scarthgap,v2,1/8] python3-django: upgrade 4.2.18 -> 4.2.20 [meta-python,scarthgap,v2,2/8] python-django: fix 4.2.20 regression [meta-python,scarthgap,v2,3/8] python3-django: patch CVE-2025-32873 [meta-python,scarthgap,v2,4/8] python3-django: patch CVE-2025-48432 [meta-python,scarthgap,v2,5/8] python3-django: patch CVE-2025-57833 [meta-python,scarthgap,v2,6/8] python3-django: patch CVE-2025-59681 [meta-python,scarthgap,v2,7/8] python3-django: patch CVE-2025-59682 [meta-python,scarthgap,v2,8/8] python3-django: upgrade 5.0.11 -> 5.0.14

Message ID

20251022232633.1703690-1-ankur.tyagi85@gmail.com

Headers

From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-python][scarthgap][PATCH v2 0/8] python3-django CVE fixes
Date: Thu, 23 Oct 2025 12:26:23 +1300
Message-ID: <20251022232633.1703690-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

python3-django CVE fixes | expand

Message

Ankur Tyagi Oct. 22, 2025, 11:26 p.m. UTC

changes in v2
- renamed CVE-2025-26699.patch and removed CVE tag because it is not a CVE fix
  but fixes a regression caused by CVE fix

Ankur Tyagi (7):
  python-django: fix 4.2.20 regression
  python3-django: patch CVE-2025-32873
  python3-django: patch CVE-2025-48432
  python3-django: patch CVE-2025-57833
  python3-django: patch CVE-2025-59681
  python3-django: patch CVE-2025-59682
  python3-django: upgrade 5.0.11 -> 5.0.14

Soumya Sambu (1):
  python3-django: upgrade 4.2.18 -> 4.2.20

 .../CVE-2025-32873.patch                      |  86 +++++++
 .../CVE-2025-48432-1.patch                    | 166 +++++++++++++
 .../CVE-2025-48432-2.patch                    | 225 ++++++++++++++++++
 .../CVE-2025-48432-3.patch                    | 165 +++++++++++++
 .../CVE-2025-48432-4.patch                    | 193 +++++++++++++++
 .../CVE-2025-48432-5.patch                    |  76 ++++++
 .../CVE-2025-48432-6.patch                    | 167 +++++++++++++
 .../CVE-2025-57833.patch                      |  83 +++++++
 .../CVE-2025-59681.patch                      | 174 ++++++++++++++
 .../CVE-2025-59682.patch                      |  72 ++++++
 ...ntroduced-when-fixing-CVE-2025-26699.patch | 102 ++++++++
 .../python/python3-django_4.2.18.bb           |  14 --
 .../python/python3-django_4.2.20.bb           |  28 +++
 ...ngo_5.0.11.bb => python3-django_5.0.14.bb} |   2 +-
 14 files changed, 1538 insertions(+), 15 deletions(-)
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-32873.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-1.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-2.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-3.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-4.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-5.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-48432-6.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-57833.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-59681.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/CVE-2025-59682.patch
 create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.20/fix-regression-introduced-when-fixing-CVE-2025-26699.patch
 delete mode 100644 meta-python/recipes-devtools/python/python3-django_4.2.18.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-django_4.2.20.bb
 rename meta-python/recipes-devtools/python/{python3-django_5.0.11.bb => python3-django_5.0.14.bb} (56%)