Bugzilla – Bug 1142883
VUL-0: CVE-2019-14234: python-Django: SQL injection possibility in key and index lookups for ``JSONField``/``HStoreField``
Last modified: 2020-05-04 07:45:30 UTC
Now public through https://www.djangoproject.com/weblog/2019/aug/01/security-releases/ CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter().
This is an autogenerated message for OBS integration: This bug (1142883) was mentioned in https://build.opensuse.org/request/show/720189 Factory / python-Django https://build.opensuse.org/request/show/720190 Factory / python-Django1 https://build.opensuse.org/request/show/720192 15.1 / python-Django
openSUSE-SU-2019:1839-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1136468,1139945,1142880,1142882,1142883,1142885 CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235 Sources used: openSUSE Leap 15.1 (src): python-Django-2.2.4-lp151.2.3.1
openSUSE-SU-2019:1872-1: An update that fixes 7 vulnerabilities is now available. Category: security (moderate) Bug References: 1136468,1139945,1142880,1142882,1142883,1142885 CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235 Sources used: openSUSE Backports SLE-15-SP1 (src): python-Django-2.2.4-bp151.3.3.1
SUSE-SU-2019:2180-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1142880,1142882,1142883,1142885 CVE References: CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235 Sources used: SUSE OpenStack Cloud 7 (src): python-Django-1.8.19-3.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2257-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1136468,1139945,1142880,1142882,1142883,1142885 CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): python-Django-1.11.23-3.12.1 SUSE OpenStack Cloud 8 (src): python-Django-1.11.23-3.12.1 HPE Helion Openstack 8 (src): python-Django-1.11.23-3.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done
SUSE-SU-2019:2335-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1136468,1139945,1142880,1142882,1142883,1142885 CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235 Sources used: SUSE OpenStack Cloud Crowbar 9 (src): python-Django1-1.11.23-3.9.1 SUSE OpenStack Cloud 9 (src): python-Django1-1.11.23-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.