openSUSE-SU-2019:1839-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1839-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1839-1
Related
Published
2019-08-08T15:57:07Z
Modified
2019-08-08T15:57:07Z
Summary
Security update for python-Django
Details

This update for python-Django fixes the following issues:

Security issues fixed:

  • CVE-2019-11358: Fixed prototype pollution.
  • CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
  • CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
  • CVE-2019-14232: Fixed denial-of-service possibility in django.utils.text.Truncator (bsc#1142880).
  • CVE-2019-14233: Fixed denial-of-service possibility in strip_tags() (bsc#1142882).
  • CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for JSONField/HStoreField (bsc#1142883).
  • CVE-2019-14235: Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri() (bsc#1142885).

Non-security issues fixed:

  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
References

Affected packages

openSUSE:Leap 15.1 / python-Django

Package

Name
python-Django
Purl
pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-lp151.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-Django": "2.2.4-lp151.2.3.1"
        }
    ]
}