Debian Security Advisory DSA 2755-1 (python-django - directory traversal)
Rainer Koirikivi discovered a directory traversal vulnerability with ssi template tags in python-django, a high-level Python web development framework. It was shown that the handling of the ALLOWEDINCLUDEROOTS setting, used to represent allowed prefixes for the % ssi % template tag, is vulnerable...