CVE-2018-16984 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view (but not change) permission to the user model were displayed the entire hash. While it's typically infeasible to reverse a strong password hash, if your site uses weaker password hashing algorithms such as MD5 or SHA1, it could be a problem.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-774	python2-django	1.11.15-1		Medium	Not affected
AVG-773	python-django	2.1.1-1	2.1.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Oct 2018	ASA-201810-5	AVG-773	python-django	Medium	information disclosure

References
https://www.djangoproject.com/weblog/2018/oct/01/security-release/ https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851