{"affected":[{"ecosystem_specific":{"binaries":[{"python-Django":"1.6.11-3.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 2","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%202"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.11-3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nThis update fixes the following security issues:\n\n\n- (bnc#955412, CVE-2015-8213) Possible settings leak in date template filter \n\n- (bnc#937522, CVE-2015-5143) Possible denial-of-service in session store\n\n- (bnc#937523, CVE-2015-5144) Possible Header injection\n\n- (bnc#941587, CVE-2015-5963) Possible denial-of-service by filling session store via logout()\n\n","id":"SUSE-SU-2016:0044-1","modified":"2016-01-07T11:04:29Z","published":"2016-01-07T11:04:29Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160044-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/937522"},{"type":"REPORT","url":"https://bugzilla.suse.com/937523"},{"type":"REPORT","url":"https://bugzilla.suse.com/941587"},{"type":"REPORT","url":"https://bugzilla.suse.com/955412"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5143"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5963"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8213"}],"related":["CVE-2015-5143","CVE-2015-5144","CVE-2015-5963","CVE-2015-8213"],"summary":"Security update for python-Django","upstream":["CVE-2015-5143","CVE-2015-5144","CVE-2015-5963","CVE-2015-8213"]}