[3.8] py-django: Multiple vulnerabilities (CVE-2018-7536, CVE-2018-7537)
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
The django.utils.html.urlize() function was extremely slow to evaluate
certain inputs due to catastrophic
backtracking vulnerabilities in two regular expressions (one regular
expression for Django 1.8). The urlize()
function is used to implement the urlize and urlizetrunc template
filters, which were thus vulnerable.
Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
If django.utils.text.Truncator’s chars() and words() methods were passed
the html=True argument, they were
extremely slow to evaluate certain inputs due to a catastrophic
backtracking vulnerability in a regular expression.
The chars() and words() methods are used to implement the
truncatechars_html and truncatewords_html
template filters, which were thus vulnerable.
Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
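Both advisories above give the same three fixed releases and name the template filters that reach the slow regular expressions. The following Python script is an added triage aid, not code from Django or from the Alpine package; it assumes only the version strings and filter names stated in the advisory. It decides whether an installed Django version string falls before the fix for its release series (treating pre-releases such as "2.0.3rc1" as older than the final 2.0.3), and it scans template source for uses of the four affected filters so that call sites fed untrusted input can be reviewed while an upgrade is pending. The sample template at the bottom is constructed for the demonstration.

```python
import re
from typing import List, Tuple

# Fixed versions named in the advisory, keyed by release series (major, minor).
FIXED_VERSIONS = {
    (2, 0): (2, 0, 3),
    (1, 11): (1, 11, 11),
    (1, 8): (1, 8, 19),
}

# Template filters the advisory lists as built on the affected functions.
# Longest alternative first so "urlize" cannot shadow "urlizetrunc".
AFFECTED_FILTER_RE = re.compile(
    r"\|\s*(urlizetrunc|urlize|truncatechars_html|truncatewords_html)\b"
)


def parse_version(text: str) -> Tuple[Tuple[int, ...], bool]:
    """Return (numeric components, is_prerelease) for a version string.

    "1.11.11" -> ((1, 11, 11), False); "2.0.3rc1" -> ((2, 0, 3), True).
    """
    parts: List[int] = []
    prerelease = False
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)(.*)", piece)
        if not m:
            prerelease = True  # a non-numeric component such as "dev"
            break
        parts.append(int(m.group(1)))
        if m.group(2):  # trailing suffix such as "rc1", "a1", "b2"
            prerelease = True
            break
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts), prerelease


def assessment(version: str) -> str:
    """Classify an installed Django version against the advisory's fixed releases.

    Returns "fixed", "vulnerable", or "not-listed" (a series the advisory does
    not name; consult the Django release notes for those).
    """
    nums, prerelease = parse_version(version)
    fixed = FIXED_VERSIONS.get(nums[:2])
    if fixed is None:
        return "not-listed"
    if nums != fixed:
        return "fixed" if nums > fixed else "vulnerable"
    # Same numeric version as the fix: a pre-release of it predates the fix.
    return "vulnerable" if prerelease else "fixed"


def find_affected_filters(template_source: str) -> List[Tuple[int, str]]:
    """Return (line number, filter name) for each affected filter in a template."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(template_source.splitlines(), start=1):
        for m in AFFECTED_FILTER_RE.finditer(line):
            hits.append((lineno, m.group(1)))
    return hits


# Constructed sample template; only lines 2 and 4 use affected filters.
SAMPLE_TEMPLATE = """\
<p>{{ title }}</p>
<p>{{ comment.body|urlize }}</p>
<p>{{ author.name|title }}</p>
<p>{{ comment.body|truncatewords_html:20 }}</p>
"""

if __name__ == "__main__":
    for v in ("1.11.10", "1.11.11", "2.0.3rc1", "1.8.19", "1.10.8"):
        print(f"Django {v}: {assessment(v)}")
    for lineno, name in find_affected_filters(SAMPLE_TEMPLATE):
        print(f"line {lineno}: filter {name} (review its input source)")
```

The filter scan is a source-level review aid: a hit means user-controlled text may reach one of the slow regular expressions, and the fix is the version upgrade rather than rewriting the template.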
(from redmine: issue id 8636, created on 2018-03-12, closed on 2018-03-13)
- Relations:
- copied_to #8635 (closed)
- parent #8635 (closed)
- Changesets:
- Revision 7f0d54ba on 2018-03-12T14:01:35Z:
main/py-django: security upgrade to 1.11.11
CVE-2018-7536, CVE-2018-7537
Fixes #8636