AVG-649

Package: python-django, python2-django
Status: Fixed
Severity: Medium
Type: denial of service
Affected: 1.11.10-1
Fixed: 1.11.11-1
Current: 2.1.5-1 [extra], 1.11.18-1 [extra]
Ticket: None
Created: Tue Mar 6 16:44:37 2018
Issue | Severity | Remote | Type | Description
CVE-2018-7537 | Medium | Yes | Denial of service | If django.utils.text.Truncator’s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to...
CVE-2018-7536 | Medium | Yes | Denial of service | The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular...
Date | Advisory | Package | Description
06 Mar 2018 | ASA-201803-6 | python2-django | denial of service
06 Mar 2018 | ASA-201803-5 | python-django | denial of service
References
https://docs.djangoproject.com/en/dev/releases/1.11.11/