AVG-1014 log

Package python2-django
Status Fixed
Severity Medium
Type multiple issues
Affected 1.11.22-1
Fixed 1.11.23-1
Current Removed
Ticket None
Created Fri Aug 2 13:24:00 2019
Issue Severity Remote Type Description
CVE-2019-14235 Medium Yes Denial of service
If passed certain inputs, django.utils.encoding.uri_to_iri() could lead to significant memory usage due to excessive recursion when re-percent-encoding...
CVE-2019-14234 Medium Yes SQL injection
Key and index lookups for JSONField and key lookups for HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary...
CVE-2019-14233 Medium Yes Denial of service
Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large...
CVE-2019-14232 Medium Yes Denial of service
If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were passed the ``html=True`` argument, they were extremely slow to evaluate...
Date Advisory Package Type
05 Aug 2019 ASA-201908-3 python2-django multiple issues