openSUSE-SU-2018:2327-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:2327-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2018:2327-1
Related
Published
2018-08-14T14:57:13Z
Modified
2018-08-14T14:57:13Z
Summary
Security update for python-Django
Details

This update for python-Django to 1.11.15 fixes the following issues:

This security issue was fixed:

  • CVE-2018-14574: Prevent open redirect in django.middleware.common.CommonMiddleware (bsc#1102680).

These non-security issues were fixed:

  • Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
  • Fixed a regression that could result in large memory usage when making edits using ModelAdmin.list_editable
  • Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
  • Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
  • Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary
  • Fixed a regression where combining two annotated values_list() querysets with union(), difference(), or intersection() crashed due to mismatching columns
  • Fixed a regression where an empty choice could be initially selected for the SelectMultiple and CheckboxSelectMultiple widgets
References

Affected packages

SUSE:Package Hub 12 / python-Django

Package

Name
python-Django
Purl
purl:rpm/suse/python-Django&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.15-11.1

Ecosystem specific

{
    "binaries": [
        {
            "python-Django": "1.11.15-11.1"
        }
    ]
}