2 matches found
Debian DLA-206-1 : python-django-markupfield security update
James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files. NOTE: Tenable Network Security has extracted the preceding description bloc...
[SECURITY] [DLA 206-1] python-django-markupfield security update
Package : python-django-markupfield Version : 1.0.0a2-1+deb6u1 CVE ID : CVE-2015-0846 James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didnt disable the ..raw directive, allowing remote attackers to include arbitra...