SUSE-SU-2018:1102-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181102-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1102-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1102-1
Related
Published
2018-04-27T13:24:32Z
Modified
2018-04-27T13:24:32Z
Summary
Security update for python-Django
Details

This update for python-Django fixes the following issues:

Security issues fixed:

  • CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)
  • CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. (bsc#1083304)
  • CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page. (bsc#1056284)
  • CVE-2017-7234: Open redirect vulnerability in django.views.static.serve(). (bsc#1031451)
  • CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs. (bsc#1031450)
  • CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True. (bsc#1008047)
  • CVE-2016-9013: User with hardcoded password created when running tests on Oracle. (bsc#1008050)
  • CVE-2016-7401: CSRF protection bypass on a site with Google Analytics. (bsc#1001374)
  • CVE-2016-2512: Vulnerability in django.utils.http.is_safe_url() could allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. (bsc#967999)
References

Affected packages

SUSE:OpenStack Cloud 6 / python-Django

Package

Name
python-Django
Purl
pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version: all previous versions are affected)
Fixed
1.8.19-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "python-Django": "1.8.19-3.6.1"
        }
    ]
}
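The range above says "everything below 1.8.19-3.6.1 is affected", and whether a host is still exposed comes down to an RPM version comparison, not a string or float comparison (for instance, release 3.10 is newer than 3.6.1). The following is an added example, not part of the SUSE advisory or the OSV record: a pure-Python re-implementation of rpm's segment-wise version ordering (rpmvercmp, including the `~` pre-release and `^` post-release rules), an EVR splitter, and a check that applies the advisory's `binaries` entry to constructed `rpm -q --qf '%{NAME} %{EVR}\n'` output lines. The sample lines are made up for illustration.

```python
"""Check installed python-Django RPMs against the fixed version in this advisory.

Added example, not the advisory's or rpm's own code. FIXED is copied from the
advisory's "binaries" block; SAMPLE_RPM_OUTPUT is constructed, not captured.
"""
import re

FIXED = {"python-Django": "1.8.19-3.6.1"}   # from the advisory's "binaries" block


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 following rpm's rpmvercmp() rules.

    Versions are split into runs of digits and runs of letters; digit runs compare
    numerically, letter runs as strings, a digit run is newer than a letter run,
    '~' sorts before anything (even the end of the string, so 1.0~rc1 < 1.0) and
    '^' sorts after the bare version but before any further segment.
    """
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        # Separators (anything that is not alnum, '~' or '^') are skipped.
        one = re.sub(r'^[^A-Za-z0-9~^]+', '', one)
        two = re.sub(r'^[^A-Za-z0-9~^]+', '', two)
        if one.startswith('~') or two.startswith('~'):
            if not one.startswith('~'):
                return 1
            if not two.startswith('~'):
                return -1
            one, two = one[1:], two[1:]
            continue
        if one.startswith('^') or two.startswith('^'):
            if not one:
                return -1
            if not two:
                return 1
            if not one.startswith('^'):
                return 1
            if not two.startswith('^'):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        isnum = one[0].isdigit()
        pat = r'\d+' if isnum else r'[A-Za-z]+'
        m1, m2 = re.match(pat, one), re.match(pat, two)
        if m2 is None:              # segment types differ: the numeric one is newer
            return 1 if isnum else -1
        s1, s2 = m1.group(0), m2.group(0)
        one, two = one[len(s1):], two[len(s2):]
        if isnum:
            s1, s2 = s1.lstrip('0'), s2.lstrip('0')
            if len(s1) != len(s2):  # more significant digits means a larger number
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if not one and not two:
        return 0
    return -1 if not one else 1


def split_evr(evr: str):
    """'[epoch:]version-release' -> (epoch, version, release); epoch defaults to '0'."""
    epoch, sep, rest = evr.partition(':')
    if not sep:
        epoch, rest = '0', evr
    version, sep, release = rest.rpartition('-')
    if not sep:
        version, release = rest, ''
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Epoch first (as an integer), then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if int(ea) != int(eb):
        return 1 if int(ea) > int(eb) else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def assess(rpm_lines, fixed=FIXED):
    """Parse 'NAME EVR' lines; return (name, installed, fixed, vulnerable) per match."""
    findings = []
    for line in rpm_lines:
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] not in fixed:
            continue
        name, installed = parts
        vulnerable = compare_evr(installed, fixed[name]) < 0   # older than the fix
        findings.append((name, installed, fixed[name], vulnerable))
    return findings


# Constructed output of: rpm -q --qf '%{NAME} %{EVR}\n' python-Django (three hosts)
SAMPLE_RPM_OUTPUT = [
    "python-Django 1.8.18-3.3.1",    # pre-advisory build: still affected
    "python-Django 1.8.19-3.6.1",    # exactly the fixed build
    "python-Django 1.8.19-3.9.1",    # a later rebuild of the fixed version
]

if __name__ == "__main__":
    for name, inst, fix, vuln in assess(SAMPLE_RPM_OUTPUT):
        print(f"{name} {inst}: {'VULNERABLE' if vuln else 'fixed'} (fixed in {fix})")
```

On a real SUSE host the authoritative answers are `zypper patch-check` / `zypper lp`, or `rpm.labelCompare()` from the rpm Python bindings, which call rpm's own comparison; the re-implementation here is for hosts or inventories where neither is available (for example, comparing an exported package list offline) and follows the same rules.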