Bugzilla – Bug 1142880
VUL-0: CVE-2019-14232: python-Django: Denial-of-service possibility in ``django.utils.text.Truncator``
Last modified: 2020-05-04 07:45:23 UTC
now public through https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator

If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output.
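The kind of simplification the advisory describes can be illustrated with a small HTML-aware word truncator. This is an added example written for this page, not Django's own code: the tokenizer pattern, the helper names and the void-tag set are my own assumptions. Tags and words are matched by disjoint character classes, so no input forces the regex engine to retry how a run of text was split, and because a word token is simply a run of non-whitespace, non-bracket characters, trailing punctuation stays attached to it, which is the behaviour change the advisory notes.

```python
import re

# One alternative per token kind, each built from a single character class:
#   a tag  is '<', then anything that is not '>', then '>'
#   a word is a run of characters that are not whitespace and not '<' or '>'
# No character can be claimed by more than one alternative and there are no
# nested quantifiers, so matching is linear in the input and cannot backtrack
# catastrophically. Note "world," is one word token, punctuation included.
TOKEN_RE = re.compile(r'<[^>]+>|([^<>\s]+)')
TAG_NAME_RE = re.compile(r'</?([A-Za-z][^\s/>]*)')
VOID_TAGS = {'br', 'hr', 'img', 'input', 'meta', 'link'}  # assumed, never closed


def truncate_words_html(text, max_words, end='...'):
    """Keep at most max_words words of HTML, then close any still-open tags."""
    open_tags = []   # stack of element names opened before the cut point
    words = 0
    cut = None       # end offset of the last word we keep, once reached
    for m in TOKEN_RE.finditer(text):
        is_word = m.group(1) is not None
        if cut is not None:
            # Past the cut: only check whether any further word exists,
            # otherwise the text was short enough and is returned unchanged.
            if is_word:
                closing = ''.join('</%s>' % t for t in reversed(open_tags))
                return text[:cut] + end + closing
            continue
        if is_word:
            words += 1
            if words == max_words:
                cut = m.end()
            continue
        tag = m.group(0)
        name_m = TAG_NAME_RE.match(tag)
        if name_m is None:
            continue     # comment or malformed tag: copied through, not tracked
        name = name_m.group(1).lower()
        if tag.startswith('</'):
            if name in open_tags:
                while open_tags.pop() != name:   # pop back to the matching opener
                    pass
        elif not tag.endswith('/>') and name not in VOID_TAGS:
            open_tags.append(name)
    return text  # fewer than max_words words: nothing to truncate
```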
This is an autogenerated message for OBS integration: This bug (1142880) was mentioned in
https://build.opensuse.org/request/show/720189 Factory / python-Django
https://build.opensuse.org/request/show/720190 Factory / python-Django1
https://build.opensuse.org/request/show/720192 15.1 / python-Django
openSUSE-SU-2019:1839-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
openSUSE Leap 15.1 (src): python-Django-2.2.4-lp151.2.3.1
openSUSE-SU-2019:1872-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
openSUSE Backports SLE-15-SP1 (src): python-Django-2.2.4-bp151.3.3.1
SUSE-SU-2019:2180-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1142880,1142882,1142883,1142885
CVE References: CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud 7 (src): python-Django-1.8.19-3.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2257-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): python-Django-1.11.23-3.12.1
SUSE OpenStack Cloud 8 (src): python-Django-1.11.23-3.12.1
HPE Helion Openstack 8 (src): python-Django-1.11.23-3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done
SUSE-SU-2019:2335-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): python-Django1-1.11.23-3.9.1
SUSE OpenStack Cloud 9 (src): python-Django1-1.11.23-3.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.