1. Home
  2. Security Advisories
  3. OpenSUSE
  4. openSUSE-SU-2019:1872-1

[openSUSE-SU-2019:1872-1] Security update for python-Django

Severity Moderate
Affected Packages 1
CVEs 7
Info Packages References Vulnerabilities

Security update for python-Django

This update for python-Django fixes the following issues:

Security issues fixed:

  • CVE-2019-11358: Fixed prototype pollution.
  • CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
  • CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
  • CVE-2019-14232: Fixed denial-of-service possibility in django.utils.text.Truncator (bsc#1142880).
  • CVE-2019-14233: Fixed denial-of-service possibility in strip_tags() (bsc#1142882).
  • CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for JSONField/HStoreField (bsc#1142883).
  • CVE-2019-14235: Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri() (bsc#1142885).

Non-security issues fixed:

  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Package Affected Version
pkg:rpm/opensuse/python3-Django?arch=noarch&distro=opensuse-15&repo=suse-package-hub < 2.2.4-bp151.3.3.1
ID
openSUSE-SU-2019:1872-1
Severity
moderate
URL
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
Published
2019-08-14T09:13:06
(5 years ago)
Modified
2019-08-14T09:13:06
(5 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1872-1.json
Suse URL for openSUSE-SU-2019:1872-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
Suse E-Mail link for openSUSE-SU-2019:1872-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW/#5XTP44JEOSNXRVW4JDZXA5XGMBDZLWSW
Bugzilla SUSE Bug 1136468 https://bugzilla.suse.com/1136468
Bugzilla SUSE Bug 1139945 https://bugzilla.suse.com/1139945
Bugzilla SUSE Bug 1142880 https://bugzilla.suse.com/1142880
Bugzilla SUSE Bug 1142882 https://bugzilla.suse.com/1142882
Bugzilla SUSE Bug 1142883 https://bugzilla.suse.com/1142883
Bugzilla SUSE Bug 1142885 https://bugzilla.suse.com/1142885
CVE SUSE CVE CVE-2019-11358 page https://www.suse.com/security/cve/CVE-2019-11358/
CVE SUSE CVE CVE-2019-12308 page https://www.suse.com/security/cve/CVE-2019-12308/
CVE SUSE CVE CVE-2019-12781 page https://www.suse.com/security/cve/CVE-2019-12781/
CVE SUSE CVE CVE-2019-14232 page https://www.suse.com/security/cve/CVE-2019-14232/
CVE SUSE CVE CVE-2019-14233 page https://www.suse.com/security/cve/CVE-2019-14233/
CVE SUSE CVE CVE-2019-14234 page https://www.suse.com/security/cve/CVE-2019-14234/
CVE SUSE CVE CVE-2019-14235 page https://www.suse.com/security/cve/CVE-2019-14235/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/opensuse/python3-Django?arch=noarch&distro=opensuse-15&repo=suse-package-hub opensuse python3-Django < 2.2.4-bp151.3.3.1 opensuse-15 noarch
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date