Debian Security Advisory

DLA-206-1 python-django-markupfield -- LTS security update

Date Reported: 20 Apr 2015
Affected Packages: python-django-markupfield
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-0846.
More information:

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ".. raw::" directive, allowing remote attackers to include arbitrary files.
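The following is an added example, not code from the advisory or from django-markupfield: it renders the same reStructuredText with docutils' default settings and with file access switched off, so the effect of the missing hardening can be checked on a throwaway file. It assumes docutils is installed; `HARDENED`, `render`, `demo` and the marker string are names constructed for this illustration.

```python
import os
import tempfile

# Constructed sample content standing in for a server-side file.
MARKER = "CONSTRUCTED-SAMPLE-FILE-CONTENT"

# docutils runtime settings that stop untrusted markup from reading files.
HARDENED = {
    "raw_enabled": False,             # rejects the ".. raw::" directive outright
    "file_insertion_enabled": False,  # rejects ".. include::" and :file:/:url: options
}


def render(rst_text, overrides=None):
    """Render reStructuredText to an HTML fragment with optional settings."""
    from docutils.core import publish_parts  # imported lazily; needs docutils

    parts = publish_parts(
        source=rst_text,
        writer_name="html",
        settings_overrides=overrides or {},
    )
    return parts["fragment"]


def demo():
    """Return (default_html, hardened_html) for one constructed document."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(MARKER)
        path = fh.name
    try:
        # Constructed user input: a text field that pulls in a local file.
        doc = "User supplied text.\n\n.. raw:: html\n   :file: %s\n" % path
        return render(doc), render(doc, HARDENED)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    default_html, hardened_html = demo()
    print("default settings include the file: ", MARKER in default_html)
    print("hardened settings include the file:", MARKER in hardened_html)
```

With the hardened settings docutils emits a warning in place of the directive, so any application that renders ReST from users should pass both overrides on every render call.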