
Debian-LTS alert DLA-206-1 (python-django-markupfield)

From:  Thorsten Alteholz <debian@alteholz.de>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 206-1] python-django-markupfield security update
Date:  Mon, 20 Apr 2015 22:06:19 +0200 (CEST)
Message-ID:  <alpine.DEB.2.02.1504202205170.4435@jupiter.server.alteholz.net>

Package        : python-django-markupfield
Version        : 1.0.0a2-1+deb6u1
CVE ID         : CVE-2015-0846

James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the ..raw directive, allowing remote attackers to include arbitrary files.
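One way to close the gap the advisory describes, as an added example that is not part of the advisory or django-markupfield's own code: docutils settings that disable the raw directive and file insertion when rendering untrusted ReST, plus a scan of stored field text for such directives. The function names and the sample text are constructed for illustration; `include` is scanned as well because `file_insertion_enabled` governs it.

```python
import re

# Real docutils settings; pass them as settings_overrides for untrusted text.
SAFE_REST_SETTINGS = {
    "raw_enabled": False,             # rejects the raw directive
    "file_insertion_enabled": False,  # rejects include and other external-file reads
}

# Matches ".. raw::" / ".. include::", also inside a substitution definition.
_DIRECTIVE = re.compile(
    r"^[ \t]*\.\.[ \t]+(?:\|[^|\n]+\|[ \t]+)?(raw|include)::",
    re.IGNORECASE | re.MULTILINE,
)


def find_file_directives(source):
    """Return (line_number, directive) for each raw/include directive found."""
    hits = []
    for match in _DIRECTIVE.finditer(source):
        line_no = source.count("\n", 0, match.start(1)) + 1
        hits.append((line_no, match.group(1).lower()))
    return hits


def render_rest(source):
    """Render untrusted ReST to an HTML fragment with the safe settings."""
    from docutils.core import publish_parts  # requires the docutils package
    parts = publish_parts(
        source, writer_name="html4css1", settings_overrides=SAFE_REST_SETTINGS
    )
    return parts["fragment"]


# Constructed sample of user-supplied field content (not from the advisory).
SAMPLE = (
    "Title\n=====\n\n"
    "Ordinary paragraph.\n\n"
    ".. raw:: html\n\n"
    "   <b>constructed body</b>\n\n"
    ".. |note| RAW:: html\n\n"
    "   <i>constructed body</i>\n\n"
    "The word raw in prose is not a directive.\n"
)

if __name__ == "__main__":
    for line_no, name in find_file_directives(SAMPLE):
        print(f"line {line_no}: {name} directive in stored markup")
```

Running the scan over existing rows before and after upgrading shows which stored values relied on the directive and will now render with a docutils error message instead.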

