[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1423{2,3,4,5}/python-django

Fri Aug 2 20:03:43 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
130f7ab5 by Salvatore Bonaccorso at 2019-08-02T19:03:05Z
Add CVE-2019-1423{2,3,4,5}/python-django

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1305,14 +1305,30 @@ CVE-2019-14237
 	RESERVED
 CVE-2019-14236
 	RESERVED
-CVE-2019-14235
-	RESERVED
-CVE-2019-14234
-	RESERVED
-CVE-2019-14233
-	RESERVED
-CVE-2019-14232
-	RESERVED
+CVE-2019-14235 [Potential memory exhaustion in django.utils.encoding.uri_to_iri()]
+	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
+	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
+	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
+CVE-2019-14234 [SQL injection possibility in key and index lookups for JSONField/HStoreField]
+	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
+	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
+	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
+CVE-2019-14233 [the behavior of the underlying HTMLParser leading to DoS]
+	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
+	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
+	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
+CVE-2019-14232 [backtracking in a regular expression in django.utils.text.Truncator leads to DoS]
+	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
+	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
+	NOTE: https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d (1.11.x)
 CVE-2019-14231 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
 	NOT-FOR-US: Viral Quiz Maker
 CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/130f7ab59051d9497564b28d525258a0baaf9977

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/130f7ab59051d9497564b28d525258a0baaf9977
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190802/d2909043/attachment.html>
