Security update for python-Django SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0408-1 Final 1 1 2024-12-14T15:01:24Z current 2024-12-14T15:01:24Z 2024-12-14T15:01:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Django This update for python-Django fixes the following issues: - CVE-2024-53907: Fixed potential denial-of-service in django.utils.html.strip_tags() (boo#1234232). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-408 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VSHKOGLVEWXPEXOIZB4OYAUWF7ICEI4K/ E-Mail link for openSUSE-SU-2024:0408-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1234232 SUSE Bug 1234232 https://www.suse.com/security/cve/CVE-2024-53907/ SUSE CVE CVE-2024-53907 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. CVE-2024-53907 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VSHKOGLVEWXPEXOIZB4OYAUWF7ICEI4K/ https://www.suse.com/security/cve/CVE-2024-53907.html CVE-2024-53907 https://bugzilla.suse.com/1234232 SUSE Bug 1234232