Advisories » MGASA-2019-0086

Updated python-django packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-6975

Description

If django.utils.numberformat.format() -- used by contrib.admin as well as
the floatformat, filesizeformat, and intcomma templates filters -- received
a Decimal with a large number of digits or a large exponent, it could lead
to significant memory usage due to a call to '{:f}'.format()
(CVE-2019-6975).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24348
• https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6975

SRPMS

6/core

• python-django-1.8.19-1.2.mga6