Date: Sun, 19 Apr 2015 19:41:25 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Remote file inclusion in django-markupfield Hi, On Sun, Apr 19, 2015 at 12:35:19PM -0400, Paul Tagliamonte wrote: > Hey folks, > > An arbitrary file inclusion bug was discovered in django-markupfield. > > A CVE was issued from Debian, CVE-2015-0846, but the commit is public in > the upstream repo, so this mail is to avoid deduplication of this issue. For reference: This is the corresponding upstream commit: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ