From 46c2856543f97f41f520426483413eb8b64c878b Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Thu, 1 Aug 2019 12:01:27 +0200 Subject: [PATCH] [2.1.x] Added CVE-2019-14235 to security release archive. Backport of a5652eb795e896df0c0f2515201f35f9cd86b99b from master --- docs/releases/security.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/releases/security.txt b/docs/releases/security.txt index 450e36a87a..ef70cac0d9 100644 --- a/docs/releases/security.txt +++ b/docs/releases/security.txt @@ -1015,3 +1015,17 @@ Versions affected * Django 2.2 :commit:`(patch) <4f5b58f5cd3c57fee9972ab074f8dc6895d8f387>` * Django 2.1 :commit:`(patch) ` * Django 1.11 :commit:`(patch) ` + +August 1, 2019 - :cve:`2019-14235` +---------------------------------- + +Potential memory exhaustion in ``django.utils.encoding.uri_to_iri()``. `Full +description +`__ + +Versions affected +~~~~~~~~~~~~~~~~~ + +* Django 2.2 :commit:`(patch) ` +* Django 2.1 :commit:`(patch) <5d50a2e5fa36ad23ab532fc54cf4073de84b3306>` +* Django 1.11 :commit:`(patch) <869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79>`