Errata overview
Errata ID 190
Date 2019-07-24
Source package python-django
Fixed in version 1:1.10.7-2+deb9u5
This update addresses the following issues:
* Memory exhaustion in django.utils.numberformat.format() (CVE-2019-6975)
* Missing URL validation by AdminURLFieldWidget leads to generation of
  a clickable unsafe JavaScript link, causing cross-site scripting
* Incorrect HTTP detection with a reverse proxy connecting via HTTPS
Additional notes
CVE ID CVE-2019-6975
UCS Bug number #49887