Security update for python-Django SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3187-1 Final 1 1 2024-09-10T08:44:31Z current 2024-09-10T08:44:31Z 2024-09-10T08:44:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Django This update for python-Django fixes the following issues: There is an issue with the previous fix for CVE-2024-45230. Please consider the following vulnerability fixed only after the installation of this update. - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3187,openSUSE-SLE-15.5-2024-3187 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243187-1/ Link for SUSE-SU-2024:3187-1 https://lists.suse.com/pipermail/sle-security-updates/2024-September/019406.html E-Mail link for SUSE-SU-2024:3187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1229823 SUSE Bug 1229823 https://www.suse.com/security/cve/CVE-2024-45230/ SUSE CVE CVE-2024-45230 page openSUSE Leap 15.5 python3-Django-2.0.7-150000.1.36.1 python3-Django-2.0.7-150000.1.36.1 as a component of openSUSE Leap 15.5 An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. CVE-2024-45230 openSUSE Leap 15.5:python3-Django-2.0.7-150000.1.36.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243187-1/ https://www.suse.com/security/cve/CVE-2024-45230.html CVE-2024-45230 https://bugzilla.suse.com/1229823 SUSE Bug 1229823