PublicDateAtUSN: 2018-03-06 14:00:00 UTC
Candidate: CVE-2018-7537
CRD: 2018-03-06 14:00:00 UTC
PublicDate: 2018-03-09 20:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7537
 https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 https://ubuntu.com/security/notices/USN-3591-1
Description:
 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11,
 and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words()
 methods were passed the html=True argument, they were extremely slow to
 evaluate certain inputs due to a catastrophic backtracking vulnerability in
 a regular expression. The chars() and words() methods are used to implement
 the truncatechars_html and truncatewords_html template filters, which were
 thus vulnerable.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: James Davis
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]


Patches_python-django:
upstream_python-django: released (1.8.19,1.11.11)
precise/esm_python-django: DNE
trusty_python-django: released (1.6.11-0ubuntu1.2)
trusty/esm_python-django: released (1.6.11-0ubuntu1.2)
xenial_python-django: released (1.8.7-1ubuntu5.6)
esm-infra/xenial_python-django: released (1.8.7-1ubuntu5.6)
artful_python-django: released (1:1.11.4-1ubuntu1.2)
devel_python-django: released (1:1.11.11-1ubuntu1)