Bugzilla – Bug 1142885
VUL-0: CVE-2019-14235: python-Django: Potential memory exhaustion in ``django.utils.encoding.uri_to_iri()``
Last modified: 2020-05-04 07:45:34 UTC
Now public through https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences.
uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences.
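The recursion problem described in the comment above, sketched as an added example (not Django's source code and not part of the original report): a recursive re-percent-encoder beside a loop-based one. The function names, the safe-character set and the sample byte strings are assumptions constructed for illustration.

```python
from urllib.parse import quote

# Assumption: characters left unescaped when re-encoding (illustrative set).
SAFE = "/#%[]=:;$&()+,!?*@'~"

def repercent_recursive(path: bytes, depth: int = 1):
    """Recursive shape: one extra stack frame, each holding its own copy
    of the path, per invalid octet sequence. Returns (result, depth)."""
    try:
        path.decode("utf-8")
    except UnicodeDecodeError as e:
        fixed = quote(path[e.start:e.end], safe=SAFE).encode("ascii")
        return repercent_recursive(path[:e.start] + fixed + path[e.end:], depth + 1)
    return path, depth

def repercent_iterative(path: bytes) -> bytes:
    """Loop shape: same output, constant stack depth."""
    out = []
    while True:
        try:
            path.decode("utf-8")
        except UnicodeDecodeError as e:
            out.append(path[:e.start])  # valid prefix, kept as is
            out.append(quote(path[e.start:e.end], safe=SAFE).encode("ascii"))
            path = path[e.end:]  # continue after the bad octets
        else:
            out.append(path)
            return b"".join(out)

if __name__ == "__main__":
    sample = b"/caf\xe9/\xff"  # constructed: two invalid UTF-8 octets
    print(repercent_recursive(sample))
    print(repercent_iterative(sample))
    print(len(repercent_iterative(b"\xff" * 5000)))
```

The depth returned by the recursive version grows by one for every invalid octet sequence in the input, which is the growth the fix removes; the loop version produces the same bytes without it.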
This is an autogenerated message for OBS integration:
This bug (1142885) was mentioned in
https://build.opensuse.org/request/show/720189 Factory / python-Django
https://build.opensuse.org/request/show/720190 Factory / python-Django1
https://build.opensuse.org/request/show/720192 15.1 / python-Django
openSUSE-SU-2019:1839-1: An update that fixes 7 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
openSUSE Leap 15.1 (src): python-Django-2.2.4-lp151.2.3.1
openSUSE-SU-2019:1872-1: An update that fixes 7 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-11358,CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
openSUSE Backports SLE-15-SP1 (src): python-Django-2.2.4-bp151.3.3.1
SUSE-SU-2019:2180-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 1142880,1142882,1142883,1142885
CVE References: CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud 7 (src): python-Django-1.8.19-3.15.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2257-1: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): python-Django-1.11.23-3.12.1
SUSE OpenStack Cloud 8 (src): python-Django-1.11.23-3.12.1
HPE Helion Openstack 8 (src): python-Django-1.11.23-3.12.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released
SUSE-SU-2019:2335-1: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 1136468,1139945,1142880,1142882,1142883,1142885
CVE References: CVE-2019-12308,CVE-2019-12781,CVE-2019-14232,CVE-2019-14233,CVE-2019-14234,CVE-2019-14235
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): python-Django1-1.11.23-3.9.1
SUSE OpenStack Cloud 9 (src): python-Django1-1.11.23-3.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.