Security update for python-Django1 (important)

ID OPENSUSE-SU-2018:2809-1
Type suse
Reporter Suse
Modified 2018-09-22T09:30:22


This update for python-Django1 to version 1.11.15 fixes the following issues:

The following security vulnerability was fixed:

  • CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware (boo#1102680)

The following other bugs were fixed:

  • Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
  • Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary
  • Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
  • Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns

This update was imported from the openSUSE:Leap:15.0:Update update project.