
[SECURITY] [DLA 206-1] python-django-markupfield security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : python-django-markupfield
Version        : 1.0.0a2-1+deb6u1
CVE ID         : CVE-2015-0846

James P. Turk discovered that the ReST renderer in django-markupfield,
a custom Django field for easy use of markup in text fields, did not
disable the .. raw:: directive, allowing remote attackers to include
arbitrary files.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
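
Added example, not part of the advisory and not django-markupfield's own code: a sketch of rendering untrusted reST with the docutils settings `raw_enabled` and `file_insertion_enabled` turned off, plus a scanner for auditing stored field values. The function and constant names are hypothetical, the sample is constructed, `render_untrusted` assumes the docutils package is installed, and the scanner also covers the `include` directive, which goes beyond the `raw` case the advisory names.

```python
import re

# docutils settings that stop reST markup from reading files on the server.
HARDENED_SETTINGS = {"raw_enabled": False, "file_insertion_enabled": False}

DIRECTIVE = re.compile(r"^\s*\.\.\s+(raw|include)\s*::\s*(.*)$", re.IGNORECASE)
OPTION = re.compile(r"^\s+:(file|url):\s*(\S.*)$", re.IGNORECASE)


def find_file_directives(text):
    """Return (line_no, directive, target) for directives that pull in external content."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, arg = m.group(1).lower(), m.group(2).strip()
        if name == "include":
            findings.append((i + 1, name, arg))
            continue
        # "raw" only reads external data when it carries a :file: or :url: option.
        for opt_line in lines[i + 1:]:
            if not opt_line.strip() or not opt_line[0].isspace():
                break  # a blank or unindented line ends the option block
            o = OPTION.match(opt_line)
            if o:
                findings.append((i + 1, name, o.group(2).strip()))
    return findings


def render_untrusted(text):
    """Render user-supplied reST to an HTML fragment with file access disabled."""
    from docutils.core import publish_parts  # third-party package: docutils
    parts = publish_parts(source=text, writer_name="html",
                          settings_overrides=HARDENED_SETTINGS)
    return parts["fragment"]


# Constructed sample of a user-submitted field value (paths are placeholders).
SAMPLE = """Title
=====

.. raw:: html
   :file: /path/to/server/file

.. raw:: html

   <b>inline raw, no file access</b>

.. include:: /path/to/other/file
"""
```

Running `find_file_directives` over values already stored in markup fields shows whether any earlier submission tried to pull in a file; the settings override is the actual mitigation, the scanner is only an audit aid.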