author: Tim Graham <timograham@gmail.com> 2018-02-24 16:22:43 -0500
committer: Tim Graham <timograham@gmail.com> 2018-03-06 08:30:40 -0500
commit: 97b7dd59bb8d6163239061e2022153c3415d146d
tree: 9226d827f280e10f46d7abba5a5228d2cfd87538 /docs/releases
parent: 8618271caa0b09daba39ff3b46567d33ae1e1d3a
Fixed CVE-2018-7537 -- Fixed catastrophic backtracking in django.utils.text.Truncator.
Thanks James Davis for suggesting the fix.
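The commit message refers to catastrophic backtracking in a regular expression. The Python block below is an added illustration, not Django's code and not the pattern that ``Truncator`` used: it pairs a stand-in pattern with nested quantifiers against an equivalent single-quantifier pattern, and wraps the kind of timing check a regression test can use to pin a fixed pattern against the input that used to hang it. The pattern, the shape of the adversarial input and the time budget are assumptions made for the example.

```python
"""Catastrophic backtracking (ReDoS) illustrated, with a timing check.

The patterns here are stand-ins chosen for this example; neither is the
regular expression that django.utils.text.Truncator used.
"""
import re
import time

# Nested quantifiers: on "a" * n + "b" the '$' anchor fails at the 'b', and
# the engine then retries every way of splitting the n a's between the inner
# and outer '+' (about 2**n attempts) before reporting no match.
BACKTRACKING_PATTERN = re.compile(r'^(a+)+$')

# Same language (a run of one or more a's) with a single quantifier: the
# engine gives up after a number of steps proportional to the input length.
LINEAR_PATTERN = re.compile(r'^a+$')


def matches(pattern, text):
    """True if `pattern` matches at the start of `text` (both patterns are
    anchored, so this is a whole-string match)."""
    return pattern.match(text) is not None


def timed_match(pattern, text):
    """Return (matched, seconds) for one evaluation of `pattern` on `text`."""
    start = time.perf_counter()
    matched = matches(pattern, text)
    return matched, time.perf_counter() - start


def adversarial_input(n):
    """Input shape assumed for these two patterns: the longest prefix the
    pattern almost accepts, followed by one character that breaks the match,
    which forces the engine to exhaust its alternatives."""
    return 'a' * n + 'b'


def check_linear(pattern, sizes=(1000, 2000, 4000), budget=0.5):
    """Regression-style check: one evaluation of `pattern` on an adversarial
    input of each size in `sizes` must finish within `budget` seconds.
    Returns the measured (size, seconds) pairs, or raises AssertionError
    naming the size at which the budget was exceeded. Only call this with
    large sizes on a pattern believed to be safe; a backtracking pattern
    will not return on inputs of a few dozen characters."""
    results = []
    for n in sizes:
        _, seconds = timed_match(pattern, adversarial_input(n))
        if seconds > budget:
            raise AssertionError(
                f'{pattern.pattern!r} took {seconds:.3f}s on n={n}'
            )
        results.append((n, seconds))
    return results


if __name__ == '__main__':
    # Safe pattern: thousands of characters, negligible time.
    for n, seconds in check_linear(LINEAR_PATTERN):
        print(f'{LINEAR_PATTERN.pattern}: n={n} {seconds:.6f}s')
    # Vulnerable pattern: each extra 'a' roughly doubles the time, so the
    # sizes are kept small on purpose.
    for n in (16, 18, 20, 22):
        _, seconds = timed_match(BACKTRACKING_PATTERN, adversarial_input(n))
        print(f'{BACKTRACKING_PATTERN.pattern}: n={n} {seconds:.3f}s')
```

Running the script prints the safe pattern's timings at thousands of characters and then the vulnerable pattern's at around twenty, where the growth from one size to the next is the signature to look for. Wiring ``check_linear`` into a test suite with the input that originally triggered the problem is what keeps a rewritten pattern from regressing; the budget should be generous enough not to fail on a slow CI machine but far below what a backtracking pattern would take.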
Diffstat (limited to 'docs/releases')
 docs/releases/1.11.11.txt | 12 ++++++++++++
 docs/releases/1.8.19.txt  | 12 ++++++++++++
 docs/releases/2.0.3.txt   | 12 ++++++++++++
3 files changed, 36 insertions, 0 deletions
diff --git a/docs/releases/1.11.11.txt b/docs/releases/1.11.11.txt
index 696465fd47..314338a541 100644
--- a/docs/releases/1.11.11.txt
+++ b/docs/releases/1.11.11.txt
@@ -16,3 +16,15 @@ expressions. The ``urlize()`` function is used to implement the ``urlize`` and
The problematic regular expressions are replaced with parsing logic that
behaves similarly.
+
+CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters
+==================================================================================================================
+
+If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were
+passed the ``html=True`` argument, they were extremely slow to evaluate certain
+inputs due to a catastrophic backtracking vulnerability in a regular
+expression. The ``chars()`` and ``words()`` methods are used to implement the
+``truncatechars_html`` and ``truncatewords_html`` template filters, which were
+thus vulnerable.
+
+The backtracking problem in the regular expression is fixed.
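Review bot: the closing sentence "The backtracking problem in the regular expression is fixed." says less than the urlize entry directly above it, which tells the reader that the problematic regular expressions were replaced with parsing logic that behaves similarly. State what was done here as well (whether the regular expression was rewritten without the backtracking construct or replaced with non-regex parsing), since that is what lets someone upgrading judge whether output on unusual HTML could change along with the fix.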
diff --git a/docs/releases/1.8.19.txt b/docs/releases/1.8.19.txt
index ae509f11c4..96410a331c 100644
--- a/docs/releases/1.8.19.txt
+++ b/docs/releases/1.8.19.txt
@@ -16,3 +16,15 @@ expression. The ``urlize()`` function is used to implement the ``urlize`` and
The problematic regular expression is replaced with parsing logic that behaves
similarly.
+
+CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters
+==================================================================================================================
+
+If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were
+passed the ``html=True`` argument, they were extremely slow to evaluate certain
+inputs due to a catastrophic backtracking vulnerability in a regular
+expression. The ``chars()`` and ``words()`` methods are used to implement the
+``truncatechars_html`` and ``truncatewords_html`` template filters, which were
+thus vulnerable.
+
+The backtracking problem in the regular expression is fixed.
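Review bot: the entry presents the two template filters as the vulnerable surface, but the sentences before it say the slowness is in ``Truncator``'s ``chars()`` and ``words()`` methods themselves when passed ``html=True``, and ``django.utils.text.Truncator`` is called directly by project code too. "which were thus vulnerable" reads as if the filters were the only exposure; suggest adding a sentence that direct callers of ``Truncator.chars(html=True)`` and ``Truncator.words(html=True)`` were affected in the same way.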
diff --git a/docs/releases/2.0.3.txt b/docs/releases/2.0.3.txt
index a4c01302d1..a7c712c83f 100644
--- a/docs/releases/2.0.3.txt
+++ b/docs/releases/2.0.3.txt
@@ -18,6 +18,18 @@ expressions. The ``urlize()`` function is used to implement the ``urlize`` and
The problematic regular expressions are replaced with parsing logic that
behaves similarly.
+CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html`` and ``truncatewords_html`` template filters
+==================================================================================================================
+
+If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were
+passed the ``html=True`` argument, they were extremely slow to evaluate certain
+inputs due to a catastrophic backtracking vulnerability in a regular
+expression. The ``chars()`` and ``words()`` methods are used to implement the
+``truncatechars_html`` and ``truncatewords_html`` template filters, which were
+thus vulnerable.
+
+The backtracking problem in the regular expression is fixed.
+
Bugfixes
========
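Review bot: no blank line precedes the added CVE heading here, unlike the 1.11.11 and 1.8.19 hunks, which each add a lone "+" line before it; the heading follows "behaves similarly." directly. The hunk header (-18,6 +18,18) counts two more context lines than are shown, so the blank line is probably in the file and only dropped in rendering, but it is worth confirming, because reStructuredText will not recognise the title as a section title without a blank line before it.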