[SECURITY] [DLA 206-1] python-django-markupfield security update

ID DEBIAN:DLA-206-1:62432
Type debian
Reporter Debian
Modified 2015-04-20T20:06:19


Package : python-django-markupfield
Version : 1.0.0a2-1+deb6u1
CVE ID  : CVE-2015-0846

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ".. raw::" directive, allowing remote attackers to include arbitrary files.
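
The effect of leaving the directive enabled, and of turning it off, can be checked directly against docutils. The following is an added example, not code from django-markupfield or from the Debian patch: render_rest, HARDENED, demo and the marker file are hypothetical names and constructed sample data, while raw_enabled and file_insertion_enabled are standard docutils settings.

```python
import os
import tempfile

from docutils.core import publish_parts

# docutils settings that turn off the raw directive and every
# file-reading directive/option (include, csv-table :file:, raw :file:).
HARDENED = {"raw_enabled": False, "file_insertion_enabled": False}


def render_rest(markup, settings=None):
    """Render untrusted reST to an HTML fragment (hypothetical helper)."""
    parts = publish_parts(
        source=markup,
        writer_name="html",
        settings_overrides=settings or {},
    )
    return parts["fragment"]


def demo():
    """Render the same constructed input with default and hardened settings."""
    marker = "CONSTRUCTED-MARKER-1234"  # stands in for server-side file content
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(marker)
        path = fh.name
    try:
        # Constructed user-supplied text: normal markup plus a raw directive
        # that points at a file on the rendering host.
        markup = "Hello *world*\n\n.. raw:: html\n   :file: %s\n" % path
        default_html = render_rest(markup)             # docutils defaults
        hardened_html = render_rest(markup, HARDENED)  # directive refused
    finally:
        os.unlink(path)
    return marker, default_html, hardened_html


if __name__ == "__main__":
    marker, default_html, hardened_html = demo()
    print("file content in default output: ", marker in default_html)
    print("file content in hardened output:", marker in hardened_html)
```

With the hardened settings docutils replaces the directive with a warning-level system message and continues rendering the rest of the text.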