Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 19 Apr 2015 19:41:25 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Remote file inclusion in django-markupfield

Hi,

On Sun, Apr 19, 2015 at 12:35:19PM -0400, Paul Tagliamonte wrote:
> Hey folks,
> 
> An arbitrary file inclusion bug was discovered in django-markupfield.
> 
> A CVE was issued from Debian, CVE-2015-0846, but the commit is public in
> the upstream repo, so this mail is to avoid deduplication of this issue.

For reference: This is the corresponding upstream commit:

https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ