From: Anil Dongare <[email protected]>

Upstream Repository: https://github.com/django/django.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556
Type: Security Advisory
CVE: CVE-2025-27556
Score: 7.5

Analysis:
- CVE-2025-27556 affects Django 5.1 before 5.1.8 and 5.0 before 5.0.14.
- The issue occurs due to slow NFKC normalization on Windows, which can cause a denial-of-service (DoS) when handling inputs containing a very large number of Unicode characters.
- Affected Django components:
  django.contrib.auth.views.LoginView
  django.contrib.auth.views.LogoutView
  django.views.i18n.set_language
- This performance degradation is specific to Windows, caused by the Windows Unicode normalization implementation.

Reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-27556
- https://github.com/django/django/commit/2cb311f7b069

Signed-off-by: Anil Dongare <[email protected]>
---
meta-python/recipes-devtools/python/python3-django_5.0.11.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb index 5060f3c9ad..43be30c7ec 100644 --- a/meta-python/recipes-devtools/python/python3-django_5.0.11.bb +++ b/meta-python/recipes-devtools/python/python3-django_5.0.11.bb @@ -1,6 +1,9 @@ require python-django.inc inherit setuptools3 +# Windows-specific DoS via NFKC normalization, not applicable to Linux +CVE_STATUS[CVE-2025-27556] = "not-applicable-platform: Issue only applies on Windows" + SRC_URI[sha256sum] = "e7d98fa05ce09cb3e8d5ad6472fb602322acd1740bfdadc29c8404182d664f65" RDEPENDS:${PN} += "\ -- 2.44.1
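Review bot: the justification in the `CVE_STATUS[CVE-2025-27556]` line and its preceding comment states that the issue is Windows-only but gives a reader of the recipe no way to verify that claim; since 5.0.11 is inside the affected range (5.0 before 5.0.14), the status rather than a backport is the whole mitigation here, so the comment should point at the upstream fix commit already cited in the message, e.g. `# See https://github.com/django/django/commit/2cb311f7b069 (fix is for Windows NFKC normalization)`, so a later reviewer can confirm the platform condition without re-deriving the analysis.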
