Request 590768: Incident python3-Django.openSUSE_Leap_42.3_Update - openSUSE Build Service

Overview

Request 590768 accepted

python-Django 1.8.18

- CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)
- CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters (bsc#1083304).
- CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374).
- CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade (bsc#968000).
- CVE-2016-2512: Fixed malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth (bsc#967999).
- CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050).
- CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047).
- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451).
- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450).
- CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284)

Created by AndreasStieger about 6 years ago
In state accepted

Incident python3-Django.openSUSE_Leap_42.3_Update

Comments for request 590768 1

Andreas Stieger (AndreasStieger) - about 6 years ago

author

@tbechtold missed one...

Login required, please login in order to comment

Request History

AndreasStieger created request about 6 years ago

python-Django 1.8.18

- CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)
- CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters (bsc#1083304).
- CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374).
- CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade (bsc#968000).
- CVE-2016-2512: Fixed malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth (bsc#967999).
- CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050).
- CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047).
- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451).
- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450).
- CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284)

licensedigger accepted review about 6 years ago

ok

maintbot added devel:languages:python as a reviewer about 6 years ago

Submission for None by someone who is not maintainer in the devel project (devel:languages:python). Please review

maintbot accepted review about 6 years ago

ok

mimi_vx accepted review about 6 years ago

mimi_vx approved review about 6 years ago

AndreasStieger moved maintenance target to openSUSE:Maintenance:3345 about 6 years ago

AndreasStieger accepted request about 6 years ago

accepted request 590768:Thanks!

For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance

openSUSE Build Service is sponsored by