openSUSE Security Update: Security update for python-Django
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:2488-1
Rating: moderate
References: #1102680
Cross-References: CVE-2018-14574
Affected Products: openSUSE Leap 15.0
______________________________________________________________________________
An update that fixes one vulnerability is now available.
This update for python-Django to version 2.08 fixes the following issues:
The following security vulnerability was fixed:
- CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware (boo#1102680)
The following other bugs were fixed:
- Fixed a regression in Django 2.0.7 that broke the regex lookup on MariaDB
- Fixed a regression where django.template.Template crashed if the template_string argument is lazy
- Fixed __regex and __iregex lookups with MySQL
- Fixed admin check crash when using a query expression in ModelAdmin.ordering
- Fixed admin changelist crash when using a query expression without asc() or desc() in the page’s ordering
- Fixed a regression that broke custom template filters that use decorators
- Fixed detection of custom URL converters in included pattern
- Fixed a regression that added an unnecessary subquery to the GROUP BY clause on MySQL when using a RawSQL annotation
- Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
- Fixed a regression in Django 1.10 that could result in large memory usage when making edits using ModelAdmin.list_editable
- Corrected the import paths that inspectdb generates for django.contrib.postgres fields
- Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
- Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2018-914=1
- openSUSE Leap 15.0 (noarch):