[ubuntu/bionic-updates] python-django 1:1.11.11-1ubuntu1.5 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 1 11:58:12 UTC 2019
python-django (1:1.11.11-1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial-of-service possibility in
    django.utils.text.Truncator
    - debian/patches/CVE-2019-14232.patch: adjusted regex to avoid
      backtracking issues when truncating HTML in django/utils/text.py,
      tests/template_tests/filter_tests/test_truncatewords_html.py,
      tests/utils_tests/test_text.py.
    - CVE-2019-14232
  * SECURITY UPDATE: Denial-of-service possibility in strip_tags()
    - debian/patches/CVE-2019-14233.patch: prevented excessive HTMLParser
      recursion in strip_tags() when handling incomplete HTML entities in
      django/utils/html.py, tests/utils_tests/test_html.py.
    - CVE-2019-14233
  * SECURITY UPDATE: SQL injection possibility in key and index lookups for
    JSONField/HStoreField
    - debian/patches/CVE-2019-14234.patch: protected JSONField/HStoreField
      key and index lookups against SQL injection in
      django/contrib/postgres/fields/hstore.py,
      django/contrib/postgres/fields/jsonb.py,
      tests/postgres_tests/test_hstore.py,
      tests/postgres_tests/test_json.py.
    - CVE-2019-14234
  * SECURITY UPDATE: Potential memory exhaustion in
    django.utils.encoding.uri_to_iri()
    - debian/patches/CVE-2019-14235.patch: fixed potential memory
      exhaustion in django.utils.encoding.uri_to_iri() in
      django/utils/encoding.py, tests/utils_tests/test_encoding.py.
    - CVE-2019-14235
Date: 2019-07-26 12:35:43.346274+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.5