Fixes the following vulnerability:

CVE-2024-56374: Potential denial-of-service vulnerability in IPv6 validation

Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the django.forms.GenericIPAddressField form field, which has now been updated to define a max_length of 39 characters. The django.db.models.GenericIPAddressField model field was not affected.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit c87726dd336b7f9a1cebd26a327e47aa25d8b4d2)
[Peter: Mark as security bump, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>