User: Password:
|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2014-7224 (python-djblets)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 19 Update: python-djblets-0.7.30-2.fc19
Date:  Tue, 17 Jun 2014 23:26:31 +0000
Message-ID:  <20140617232631.CB10220E51@bastion01.phx2.fedoraproject.org>

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-7224 2014-06-10 01:56:10 -------------------------------------------------------------------------------- Name : python-djblets Product : Fedora 19 Version : 0.7.30 Release : 2.fc19 URL : http://www.review-board.org Summary : A collection of useful classes and functions for Django Description : A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information: Fixes two XSS vulnerabilities in Djblets (used by Review Board) -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-2 - Drop upstreamed patch * Fri Jun 6 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-1 - New upstream security release 0.7.30 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * Wed Apr 9 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.29-1 - New upstream release 0.7.29 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * Fri Feb 21 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.28-2 - Generate requires.txt with values appropriate for Fedora * Thu Jan 2 2014 Stephen Gallagher <sgallagh@redhat.com> - 0.7.28-1 - New upstream release 0.7.28 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.auth: * Fixed HTTP 500 errors when failing to save the registration form * Thu Dec 12 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.27-1 - New upstream release 0.7.27 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.auth: * Added some human-readable labels for RegistrationForm. * RegistrationForm subclasses that make use of fields that normalize to non-strings no longer fail to save. * djblets.webapi: * Usernames with plus signs in them are now matched in the API. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.util.fields: * Fixed JSONField in the administration UI. * djblets.webapi: * Added support for web API authentication backends. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * Fixed a regression with the new webapi auth backend support * Wed Nov 27 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.24-1 - New upstream release 0.7.24 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.util.http: * Fixed ETag matching * Tue Nov 5 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.23-1 - New upstream release 0.7.23 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.webapi: * Added a has_list_access_permissions function, which is used to determine access to a list resource. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.extensions: * AJAX_SERIAL is updated when extensions are enabled/disabled or their configuration changes, allowing templates using AJAX_SERIAL as part of their cache to invalidate. * djblets.siteconfig: * Reduced query counts for installs using siteconfig. * djblets.webapi: * Reduced query counts when returning payloads for list resources with no entries. * Common attribute lookups on WebAPIResource are now cached. - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * djblets.extensions: * Fix URL errors when configuring extensions with a custom SITE_ROOT. * djblets.util.fields: * JSONFields can now be safely edited through the administration UI, complete with validation. * jquery.gravy: * Fixed hiding the pencil icons on an inlineEditor when disabled. * Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@gmail.com> - 0.7.21-1 - New upstream bugfix release 0.7.21 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... - Added a has_list_access_permissions function, which is used to determine access to a list resource. * Fri Oct 11 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.20-1 - New upstream bugfix release 0.7.20 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... - Fixed regression with pagination on the datagrid * Thu Oct 10 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.19-1 - New upstream security release 0.7.19 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... - Resolves: CVE-2013-4409 - Resolves unsanitized eval() vulnerability * Mon Sep 23 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.18-1 - New upstream security release 0.7.18 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... - Web API resource lists are now more careful about access permissions. * Thu Aug 15 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.17-1 - New upstream release 0.7.17 - http://downloads.reviewboard.org/releases/Djblets/0.7/Djb... * Mon Jul 29 2013 Stephen Gallagher <sgallagh@redhat.com> - 0.7.16-1 - New upstream release 0.7.16 - This release contains security fixes in the datagrid - JavaScript: * autoSizeTextArea now cleans up its hidden proxy elements when destroyed. * inlineEditor can be told not to focus a textarea by default by setting 'focusOnOpen' to false. * modalBox can place itself in an element other than <body> by setting the 'container' option to the element. * modalBox takes a 'boxID' option that, if specified, will set the ID of the modalBox element. * funcQueue now takes an optional context parameter for callback functions. - djblets.datagrid: * Data pulled from the database and rendered into cells are always escaped now. * Columns can now specify an image_class instead of an image_url. * Added a JavaScript reload() function that can be called on a datagrid element to trigger a dynamic reload from the server. - djblets.extensions: * Extensions can now specify their list of app directories. * Extensions can now specify the author's URL. * Improved the look and feel for extension configuration. * Improved the functionality for extension configuration. * Improved the list of available extensions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1106845 - CVE-2014-3994 python-djblets: XSS Vulnerability in Djblets json_dumps() https://bugzilla.redhat.com/show_bug.cgi?id=1106845 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-djblets' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds