<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>On Mon, 11 Feb 2019 10:15:54 -0200 Herbert Fortes
      <a class="moz-txt-link-rfc2396E" href="mailto:terberh@gmail.com">&lt;terberh@gmail.com&gt;</a> wrote:</p>
    > Package: python-django<br>
    > Version: Django 2.2, 1.11<br>
    > Severity: normal<br>
    > <br>
    > <br>
    > CVE-2019-6975: Memory exhaustion in
    django.utils.numberformat.format()<br>
    > <br>
    > If django.utils.numberformat.format() -- used by contrib.admin
    as well as the floatformat, filesizeformat, and intcomma
    template filters -- received a Decimal with a large number of
    digits or a large exponent, it could lead to significant memory
    usage due to a call to '{:f}'.format().<br>
    > <br>
    > To avoid this, decimals with more than 200 digits are now
    formatted using scientific notation.<br>
    > <br>
    > Thanks Sjoerd Job Postmus for reporting this issue.<br>
    > Affected supported versions<br>
    > <br>
    >     Django master branch<br>
    >     Django 2.2 (which will be released in a separate blog post
    later today)<br>
    >     Django 2.1<br>
    >     Django 2.0<br>
    >     Django 1.11<br>
    > <br>
    > Per our supported versions policy, Django 1.10 and older are no
    longer supported.<br>
    > <br>
    >
    <a class="moz-txt-link-freetext" href="https://www.djangoproject.com/weblog/2019/feb/11/security-releases/">https://www.djangoproject.com/weblog/2019/feb/11/security-releases/</a><br>
    <p>> <br>
    </p>
    <h1 id="trac-ticket-title" class="searchable"><span class="summary">Broken
        django 1.11.19 release for python2.7</span></h1>
    <p><br>
    </p>
    <p>It looks like the distributed django 1.11.19 release does not
      match the code in 1.11.19 tag.</p>
    <table class="changes">
      <tbody>
        <tr class="trac-field-component">
          <th class="trac-field-component">Component:</th>
          <td> <span class="trac-field-old">Uncategorized</span> → <span
              class="trac-field-new">Core (Other)</span> </td>
        </tr>
        <tr class="trac-field-stage">
          <th class="trac-field-stage">Triage Stage:</th>
          <td> <span class="trac-field-old">Unreviewed</span> → <span
              class="trac-field-new">Accepted</span> </td>
        </tr>
        <tr class="trac-field-type">
          <th class="trac-field-type">Type:</th>
          <td> <span class="trac-field-old">Uncategorized</span> → <span
              class="trac-field-new">Bug</span> </td>
        </tr>
      </tbody>
    </table>
    <p><br>
    </p>
    <p><a class="moz-txt-link-freetext" href="https://code.djangoproject.com/ticket/30175">https://code.djangoproject.com/ticket/30175</a><br>
    </p>
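    <p>The mitigation described in the quoted advisory (switching to scientific notation above 200 digits) can be sketched as below. This is an added example, not part of the original message and not Django's own code; the names fixed_point_size, bounded_format and MAX_FIXED_DIGITS are hypothetical, and counting "digits" as coefficient length plus the absolute exponent is an assumption.</p>
<pre>
```python
from decimal import Decimal

# Cutoff taken from the advisory text; the counting rule below is an assumption.
MAX_FIXED_DIGITS = 200


def fixed_point_size(value):
    """Estimate how many digits '{:f}'.format(value) would have to write.

    Uses only the coefficient length and the exponent, so the estimate is
    computed without ever building the expanded string.
    """
    _sign, digits, exponent = value.as_tuple()
    return len(digits) + abs(exponent)


def bounded_format(value):
    """Format a Decimal, switching to scientific notation above the cutoff."""
    if not value.is_finite():
        # NaN and Infinity carry a non-numeric exponent and are always short.
        return "{:f}".format(value)
    if fixed_point_size(value) > MAX_FIXED_DIGITS:
        return "{:e}".format(value)
    return "{:f}".format(value)


# Constructed sample inputs: ordinary values plus short literals that would
# expand to hundreds of thousands of characters in fixed-point form.
SAMPLES = ["1234.50", "1" * 200, "1" * 201, "9E+500000", "1E-500000", "NaN"]

if __name__ == "__main__":
    for text in SAMPLES:
        d = Decimal(text)
        out = bounded_format(d)
        size = fixed_point_size(d) if d.is_finite() else 0
        print("input chars=%d  fixed-point digits=%d  output chars=%d"
              % (len(text), size, len(out)))
```
</pre>
    <p>The size check reads only the Decimal's tuple form, so a nine-character input such as 9E+500000 is rejected for fixed-point output before any large string is allocated.</p>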
  </body>
</html>