Bugzilla – Bug 937524
VUL-1: CVE-2015-5145: python-django: Denial-of-service possibility in URL validation
Last modified: 2020-05-04 07:45:38 UTC
https://www.djangoproject.com/weblog/2015/jul/08/security-releases/

Denial-of-service possibility in URL validation

django.core.validators.URLValidator included a regular expression that was extremely slow to evaluate against certain inputs. This regular expression has been simplified and optimized.

Thanks João Silva and Ross Brunton for reporting the issue.

This issue has been assigned the identifier CVE-2015-5145.

Fixed in 1.8.3, not affecting 1.4, 1.7.
https://github.com/django/django/commit/17d3a6d8044752f482453f5906026eaf12c39e8e

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1240526
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5145
Does not affect SLE. Does not affect openSUSE 13.2. openSUSE Factory is at 1.8.2, affected.
bugbot adjusting priority
submitted to Factory.
This is an autogenerated message for OBS integration: This bug (937524) was mentioned in https://build.opensuse.org/request/show/315825 Factory / python-Django
thanks
This is an autogenerated message for OBS integration: This bug (937524) was mentioned in https://build.opensuse.org/request/show/559133 Factory / python-Django1