{"affected":[{"ecosystem_specific":{"binaries":[{"python-Django":"1.6.11-8.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 1.0","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%201.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.11-8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for python-Django fixes the following security issues:\n\n- Prevent Denial-of-service possibility by filling session store. (bsc#937522, CVE-2015-5143)\n- Prevent Header injection possibility. (bsc#937523, CVE-2015-5144)\n- A remote denial of service (resource exhaustion) attack against the django session store\n  was fixed in Python Django.  This might have allowed remote attackers to exhaust existing\n  web sessions. (bsc#941587, CVE-2015-5963)\n","id":"SUSE-SU-2015:1815-1","modified":"2015-10-15T02:36:44Z","published":"2015-10-15T02:36:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151815-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/937522"},{"type":"REPORT","url":"https://bugzilla.suse.com/937523"},{"type":"REPORT","url":"https://bugzilla.suse.com/941587"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5143"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5963"}],"related":["CVE-2015-5143","CVE-2015-5144","CVE-2015-5963"],"summary":"Security update for python-Django","upstream":["CVE-2015-5143","CVE-2015-5144","CVE-2015-5963"]}