[ubuntu/eoan-proposed] python-django 1:1.11.22-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Sep 19 14:39:13 UTC 2019


python-django (1:1.11.22-1ubuntu1) eoan; urgency=medium

  * SECURITY UPDATE: Denial-of-service possibility in
    django.utils.text.Truncator
    - debian/patches/CVE-2019-14232.patch: adjusted regex to avoid
      backtracking issues when truncating HTML in django/utils/text.py,
      tests/template_tests/filter_tests/test_truncatewords_html.py,
      tests/utils_tests/test_text.py.
    - CVE-2019-14232
  * SECURITY UPDATE: Denial-of-service possibility in strip_tags()
    - debian/patches/CVE-2019-14233.patch: prevented excessive HTMLParser
      recursion in strip_tags() when handling incomplete HTML entities in
      django/utils/html.py, tests/utils_tests/test_html.py.
    - CVE-2019-14233
  * SECURITY UPDATE: SQL injection possibility in key and index lookups for
    JSONField/HStoreField
    - debian/patches/CVE-2019-14234.patch: protected JSONField/HStoreField
      key and index lookups against SQL injection in
      django/contrib/postgres/fields/hstore.py,
      django/contrib/postgres/fields/jsonb.py,
      tests/postgres_tests/test_hstore.py,
      tests/postgres_tests/test_json.py.
    - CVE-2019-14234
  * SECURITY UPDATE: Potential memory exhaustion in
    django.utils.encoding.uri_to_iri()
    - debian/patches/CVE-2019-14235.patch: fixed potential memory
      exhaustion in django.utils.encoding.uri_to_iri() in
      django/utils/encoding.py, tests/utils_tests/test_encoding.py.
    - CVE-2019-14235

Date: Thu, 19 Sep 2019 16:21:15 +0200
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Sep 2019 16:21:15 +0200
Source: python-django
Architecture: source
Version: 1:1.11.22-1ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
