Security update for python-Django1 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2375-1 Final 1 1 2018-08-16T08:06:29Z current 2018-08-16T08:06:29Z 2018-08-16T08:06:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Django1 This update for python-Django1 to version 1.11.15 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware (boo#1102680) The following other bugs were fixed: - Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+ - Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary - Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed - Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00054.html E-Mail link for openSUSE-SU-2018:2375-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 python-Django1-1.11.15-lp150.2.3.1 python2-Django1-1.11.15-lp150.2.3.1 python-Django1-1.11.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 python2-Django1-1.11.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. CVE-2018-14574 openSUSE Leap 15.0:python-Django1-1.11.15-lp150.2.3.1 openSUSE Leap 15.0:python2-Django1-1.11.15-lp150.2.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00054.html https://www.suse.com/security/cve/CVE-2018-14574.html CVE-2018-14574 https://bugzilla.suse.com/1102680 SUSE Bug 1102680