oss-sec mailing list archives
Re: Remote file inclusion in django-markupfield
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 19 Apr 2015 19:41:25 +0200
Hi, On Sun, Apr 19, 2015 at 12:35:19PM -0400, Paul Tagliamonte wrote:
Hey folks, An arbitrary file inclusion bug was discovered in django-markupfield. A CVE was issued from Debian, CVE-2015-0846, but the commit is public in the upstream repo, so this mail is to avoid deduplication of this issue.
For reference: This is the corresponding upstream commit: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3 Regards, Salvatore
Current thread:
- Remote file inclusion in django-markupfield Paul Tagliamonte (Apr 19)
- Re: Remote file inclusion in django-markupfield Salvatore Bonaccorso (Apr 19)