[openSUSE-SU-2019:1839-1] Security update for python-Django
Severity: Moderate
Affected Packages: 1
CVEs: 7
This update for python-Django fixes the following issues:
Security issues fixed:
- CVE-2019-11358: Fixed prototype pollution.
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
- CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
- CVE-2019-14232: Fixed denial-of-service possibility in `django.utils.text.Truncator` (bsc#1142880).
- CVE-2019-14233: Fixed denial-of-service possibility in `strip_tags()` (bsc#1142882).
- CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for `JSONField`/`HStoreField` (bsc#1142883).
- CVE-2019-14235: Fixed potential memory exhaustion in `django.utils.encoding.uri_to_iri()` (bsc#1142885).
Non-security issues fixed:
- Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/python3-Django?arch=noarch&distro=opensuse-leap-15.1 | < 2.2.4-lp151.2.3.1 |
- ID: openSUSE-SU-2019:1839-1
- Severity: moderate
- URL: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ/#3LGJSPCN3VEG2UJPYCUB6TU75JTIV2TQ
- Published: 2019-08-08T15:57:07
- Modified: 2019-08-08T15:57:07
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS2-2020-1519
- ALAS2-2023-1905
- ALPINE:CVE-2019-11358
- ALPINE:CVE-2019-12308
- ALPINE:CVE-2019-12781
- ALPINE:CVE-2019-14232
- ALPINE:CVE-2019-14233
- ALPINE:CVE-2019-14234
- ALPINE:CVE-2019-14235
- ALSA-2020:4670
- ALSA-2020:4847
- ASA-201906-2
- ASA-201907-2
- ASA-201908-2
- DSA-4434-1
- DSA-4460-1
- DSA-4476-1
- DSA-4498-1
- ELSA-2020-3936
- ELSA-2022-7343
- FEDORA-2019-040857fd75
- FEDORA-2019-1a3edd7e8a
- FEDORA-2019-2a0ce0c58c
- FEDORA-2019-41d6ffd6f0
- FEDORA-2019-57a4324120
- FEDORA-2019-5f1a2cc839
- FEDORA-2019-647f74ce51
- FEDORA-2019-7eaf0bbe7c
- FEDORA-2019-84a50e34a9
- FEDORA-2019-a06dffab1c
- FEDORA-2019-d9aa58d863
- FEDORA-2019-eba8e44ee6
- FEDORA-2019-f563e66380
- FEDORA-2020-2e7d30f7aa
- FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
- FREEBSD:6E65DFEA-B614-11E9-A3A2-1506E15611CC
- FREEBSD:B805D7B4-9C0C-11E9-97F0-000C29E96DB4
- FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
- GLSA-202004-17
- MAVEN:GHSA-6C3J-C64M-QHGQ
- NPM:GHSA-6C3J-C64M-QHGQ
- openSUSE-SU-2019:1872-1
- PYSEC-2019-10
- PYSEC-2019-11
- PYSEC-2019-12
- PYSEC-2019-13
- PYSEC-2019-14
- PYSEC-2019-79
- RHSA-2020:3936
- RHSA-2020:4670
- RHSA-2020:4847
- RHSA-2021:4142
- RHSA-2022:7343
- RLSA-2020:4670
- RLSA-2020:4847
- RUBYSEC:JQUERY-RAILS-2019-11358
- SUSE-SU-2019:2034-1
- SUSE-SU-2019:2180-1
- SUSE-SU-2019:2257-1
- SUSE-SU-2019:2335-1
- SUSE-SU-2019:2379-1
- SUSE-SU-2019:3127-1
- SUSE-SU-2024:2817-1
- USN-4043-1
- USN-4084-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/python3-Django?arch=noarch&distro=opensuse-leap-15.1 | opensuse | python3-Django | < 2.2.4-lp151.2.3.1 | opensuse-leap-15.1 | noarch |