Re: Remote file inclusion in django-markupfield

[Salvatore Bonaccorso <carnil () debian org>]

Hi,

On Sun, Apr 19, 2015 at 12:35:19PM -0400, Paul Tagliamonte wrote:
> Hey folks,
>
> An arbitrary file inclusion bug was discovered in django-markupfield.
>
> A CVE was issued from Debian, CVE-2015-0846, but the commit is public in
> the upstream repo, so this mail is to avoid deduplication of this issue.

For reference: This is the corresponding upstream commit:

https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3

Regards,
Salvatore