PublicDateAtUSN: 2019-08-01 10:00:00 UTC
Candidate: CVE-2019-14232
CRD: 2019-08-01 10:00:00 UTC
PublicDate: 2019-08-02 15:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232
 https://ubuntu.com/security/notices/USN-4084-1
Description:
 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before
 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars()
 and words() methods were passed the html=True argument, they were extremely
 slow to evaluate certain inputs due to a catastrophic backtracking
 vulnerability in a regular expression. The chars() and words() methods are
 used to implement the truncatechars_html and truncatewords_html template
 filters, which were thus vulnerable.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_python-django:
upstream_python-django: needs-triage
precise/esm_python-django: DNE
trusty_python-django: ignored (out of standard support)
trusty/esm_python-django: needs-triage
xenial_python-django: released (1.8.7-1ubuntu5.10)
esm-infra/xenial_python-django: released (1.8.7-1ubuntu5.10)
bionic_python-django: released (1:1.11.11-1ubuntu1.5)
disco_python-django: released (1:1.11.20-1ubuntu0.2)
devel_python-django: released (1:1.11.22-1ubuntu1)