{"affected":[{"ecosystem_specific":{"binaries":[{"python-Django":"1.6.11-6.5.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 5","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.6.11-6.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Django fixes the following security issues:\n\n- CVE-2016-2512: The utils.http.is_safe_url function allowed remote attackers\n  to redirect users to arbitrary web sites and conduct phishing attacks or\n  possibly conduct cross-site scripting (XSS) attacks via a URL containing basic\n  authentication (bsc#967999).\n- CVE-2018-7536: The django.utils.html.urlize() function was extremely slow to\n  evaluate certain inputs due to catastrophic backtracking vulnerabilities\n  (bsc#1083304).\n- CVE-2018-7537: If django.utils.text.Truncator's chars() and words() methods\n  were passed the html=True argument, they were extremely slow to evaluate\n  certain inputs due to a catastrophic backtracking vulnerability in a regular\n  expression (bsc#1083305).\n","id":"SUSE-SU-2018:1830-1","modified":"2018-06-27T13:35:42Z","published":"2018-06-27T13:35:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181830-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083305"},{"type":"REPORT","url":"https://bugzilla.suse.com/967999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2512"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7537"}],"related":["CVE-2016-2512","CVE-2018-7536","CVE-2018-7537"],"summary":"Security update for python-Django","upstream":["CVE-2016-2512","CVE-2018-7536","CVE-2018-7537"]}