advisories/24348.adv

type: security
subject: Updated python-django packages fix security vulnerability
CVE:
 - CVE-2019-6975
src:
  6:
   core:
     - python-django-1.8.19-1.2.mga6
description: |
  If django.utils.numberformat.format() -- used by contrib.admin as well as
  the floatformat, filesizeformat, and intcomma templates filters -- received
  a Decimal with a large number of digits or a large exponent, it could lead
  to significant memory usage due to a call to '{:f}'.format()
  (CVE-2019-6975).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24348
 - https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
ID: MGASA-2019-0086
1	type: security
2	subject: Updated python-django packages fix security vulnerability
3	CVE:
4	- CVE-2019-6975
5	src:
6	6:
7	core:
8	- python-django-1.8.19-1.2.mga6
9	description: \|
10	If django.utils.numberformat.format() -- used by contrib.admin as well as
11	the floatformat, filesizeformat, and intcomma templates filters -- received
12	a Decimal with a large number of digits or a large exponent, it could lead
13	to significant memory usage due to a call to '{:f}'.format()
14	(CVE-2019-6975).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=24348
17	- https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
18	ID: MGASA-2019-0086