July 15, 2019 Alexey Shabalin 2.2.3-alt1
- 2.2.3
- build python3 only
- rename package to python3-module-django2.2
- Fixes for the following security vulnerabilities:
+ CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS
+ CVE-2019-12308 AdminURLFieldWidget XSS
+ CVE-2019-6975 Memory exhaustion in django.utils.numberformat.format()
+ CVE-2019-3498 Content spoofing possibility in the default 404 page
+ CVE-2018-16984 Password hash disclosure to view only admin users
+ CVE-2018-14574 Open redirect possibility in CommonMiddleware
+ CVE-2018-7536 Denial-of-service possibility in urlize and urlizetrunc template filters
+ CVE-2018-7537 Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
+ CVE-2018-6188 Information leakage in AuthenticationForm