Bugzilla – Bug 1120932
VUL-1: CVE-2019-3498: python-Django: python-django: Content spoofing via URL path in default 404 page
Last modified: 2020-06-17 22:26:35 UTC
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view.

Upstream Patches:
https://github.com/django/django/commit/1ecc0a395
https://github.com/django/django/commit/1cd00fcf5
https://github.com/django/django/commit/9f4ed7c94
https://github.com/django/django/commit/64d2396e8

References:
https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
https://bugzilla.redhat.com/show_bug.cgi?id=1663722
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3498
Patch for Pike (running version 1.11.11) https://build.opensuse.org/request/show/663404
Patch for Rocky (upgrade to 1.11.18, which resolves the CVE) https://build.opensuse.org/request/show/663407
Patch for Newton https://build.opensuse.org/request/show/663410
Patch for Factory https://build.opensuse.org/request/show/663736
Jira https://jira.suse.de/browse/SCRD-6794
factory accepted, rocky resubmitted https://build.opensuse.org/request/show/663755
all patches accepted https://build.opensuse.org/request/show/664129 https://build.opensuse.org/request/show/663404 https://build.opensuse.org/request/show/664127
This is an autogenerated message for OBS integration: This bug (1120932) was mentioned in https://build.opensuse.org/request/show/664341 Factory / python-Django
This is an autogenerated message for OBS integration: This bug (1120932) was mentioned in https://build.opensuse.org/request/show/669477 Factory / python-Django1
SUSE-SU-2019:0483-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120932 CVE References: CVE-2019-3498 Sources used: SUSE OpenStack Cloud 7 (src): python-Django-1.8.19-3.9.1
verified fixed for cloud8: Repository : Cloud-Maint-Update-11541 Name : python-Django Version : 1.11.20-3.7.1
SUSE-SU-2019:1862-1: An update that solves 5 vulnerabilities and has 10 fixes is now available. Category: security (important) Bug References: 1083721,1105559,1118003,1120932,1122875,1124170,1126391,1128753,1130593,1131712,1131791,1132542,1132852,1132860,124991 CVE References: CVE-2018-14574,CVE-2019-10876,CVE-2019-11068,CVE-2019-3498,CVE-2019-6975 Sources used: SUSE OpenStack Cloud Crowbar 8 (src), SUSE OpenStack Cloud 8 (src), HPE Helion Openstack 8 (src) NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done
SUSE-SU-2019:3127-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1120932,1139945 CVE References: CVE-2019-12781,CVE-2019-3498 Sources used: SUSE Enterprise Storage 5 (src): python-Django-1.6.11-6.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi, it looks like there's a bug in the Newton backport (though the CVE is still protected against); 'exception' is not defined, so the 404 page doesn't load; more detailed comments from: https://bugzilla.suse.com/show_bug.cgi?id=1161349#c6 . I can work on fixing the .patch file unless someone else would rather take it.
(Fixed version up here: https://build.suse.de/package/view_file/PTF:19071/python-Django.SUSE_SLE-12-SP2_Update_Products_Cloud7_Update/CVE-2019-3498-Fixed-content-spoof.patch?expand=1 ; confirmed to work for the customer. I don't know who is responsible for putting the patch into an update.)
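Added example (not part of the bug report, and not Django's or SUSE's code): a stdlib-only model of the two things a backport of this fix has to get right, going by the description at the top of this bug and the Newton backport report above: the 404 page must still render, and it must no longer echo readable text taken from the URL path. Upstream's release notes for this CVE say the path is no longer shown in the default 404 template and that request_path is URL-quoted for custom templates; the template string, function names and sample paths below are constructed stand-ins.

```python
from html import escape
from urllib.parse import quote, unquote

# Simplified stand-in for a 404 template that displays the request path.
TEMPLATE = ("<h1>Not Found</h1>"
            "<p>The requested URL {path} was not found on this server.</p>")


def render_404_before(raw_path):
    """Pre-fix model: the decoded path is HTML-escaped and shown as text.

    Escaping stops markup injection, but plain words from the URL still
    read as if the site itself had written them."""
    return TEMPLATE.format(path=escape(unquote(raw_path)))


def render_404_after(raw_path):
    """Post-fix model: the path is URL-quoted again before display, so
    spaces and punctuation come out as %XX sequences."""
    return TEMPLATE.format(path=escape(quote(unquote(raw_path))))


def render_404_broken(raw_path):
    """Constructed stand-in for a backport that uses a name the older
    view never defined; calling it raises NameError."""
    return TEMPLATE.format(path=exception)  # noqa: F821 (deliberate)


def check_backport(render, raw_path, message):
    """Regression check: does the 404 page render, and does it echo
    `message` (readable text carried in the URL path)?"""
    try:
        page = render(raw_path)
    except Exception as exc:
        return {"renders": False, "echoes": False,
                "error": type(exc).__name__}
    return {"renders": True, "echoes": message in page, "error": None}


# Constructed sample: a path whose decoded form reads as a sentence.
SAMPLE_PATH = "/notice%3A%20service%20moved"
SAMPLE_TEXT = "notice: service moved"

if __name__ == "__main__":
    for fn in (render_404_before, render_404_after, render_404_broken):
        print(fn.__name__, check_backport(fn, SAMPLE_PATH, SAMPLE_TEXT))
```

A backport passes only when the result is renders=True and echoes=False; the broken variant shows why checking for the absence of echoed text alone is not enough.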