openSUSE-SU-2019:1872-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1872-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1872-1
Upstream
Related
Published
2019-08-14T09:13:06Z
Modified
2025-05-08T17:45:37.872732Z
Summary
Security update for python-Django
Details

This update for python-Django fixes the following issues:

Security issues fixed:

  • CVE-2019-11358: Fixed prototype pollution.
  • CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
  • CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945).
  • CVE-2019-14232: Fixed denial-of-service possibility in django.utils.text.Truncator (bsc#1142880).
  • CVE-2019-14233: Fixed denial-of-service possibility in strip_tags() (bsc#1142882).
  • CVE-2019-14234: Fixed SQL injection possibility in key and index lookups for JSONField/HStoreField (bsc#1142883).
  • CVE-2019-14235: Fixed potential memory exhaustion in django.utils.encoding.uri_to_iri() (bsc#1142885).

Non-security issues fixed:

  • Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type.

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / python-Django

Package

Name
python-Django
Purl
pkg:rpm/suse/python-Django&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.4-bp151.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "python3-Django": "2.2.4-bp151.3.3.1"
        }
    ]
}