{"affected":[{"ecosystem_specific":{"binaries":[{"python-Django":"1.8.19-3.6.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 6","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.19-3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Django fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305)\n- CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. (bsc#1083304)\n- CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284)\n- CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451)\n- CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450)\n- CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047)\n- CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050)\n- CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374)\n- CVE-2016-2512: Vulnerability in the function utils.http.is_safe_url could allow remote attackers to redirect users to arbitrary \n                 web sites and conduct phishing attacks. 
(bsc#bnc#967999)\n","id":"SUSE-SU-2018:1102-1","modified":"2018-04-27T13:24:32Z","published":"2018-04-27T13:24:32Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181102-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1001374"},{"type":"REPORT","url":"https://bugzilla.suse.com/1008047"},{"type":"REPORT","url":"https://bugzilla.suse.com/1008050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031450"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031451"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056284"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083305"},{"type":"REPORT","url":"https://bugzilla.suse.com/967999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2512"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7401"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9013"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9014"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7233"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7234"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7537"}],"related":["CVE-2016-2512","CVE-2016-7401","CVE-2016-9013","CVE-2016-9014","CVE-2017-12794","CVE-2017-7233","CVE-2017-7234","CVE-2018-7536","CVE-2018-7537"],"summary":"Security update for python-Django","upstream":["CVE-2016-2512","CVE-2016-7401","CVE-2016-9013","CVE-2016-9014","CVE-2017-12794","CVE-2017-7233","CVE-2017-7234","CVE-2018-7536","CVE-2018-7537"]}