stable

python-djblets-0.7.21-1.el6 and ReviewBoard-1.7.16-2.el6.1

FEDORA-EPEL-2013-11817 created by sgallagh 10 years ago for Fedora EPEL 6
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of private review requests would show up on some pages (though the review requests themselves were not accessible).

These issues do not affect most of the installations out there, but we strongly recommend upgrading anyway. There are no known cases of anyone exploiting these bugs, and in fact we discovered these internally while building new tools to test for security vulnerabilities in our codebase.

There are also some other bug fixes, and important changes needed for extensions that provide their own REST APIs.

This update has been submitted for testing by sgallagh.

10 years ago

sgallagh has edited this update. New build(s): python-djblets-0.7.20-1.el6. Removed build(s): python-djblets-0.7.19-1.el6.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

sgallagh has edited this update. New build(s): ReviewBoard-1.7.16-2.el6, python-djblets-0.7.21-1.el6. Removed build(s): python-djblets-0.7.20-1.el6, ReviewBoard-1.7.15-1.el6.

10 years ago

This update has been submitted for testing by sgallagh.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

sgallagh has edited this update. New build(s): ReviewBoard-1.7.16-2.el6.1. Removed build(s): ReviewBoard-1.7.16-2.el6.

10 years ago

This update has been submitted for testing by sgallagh.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

10 years ago

This update has been pushed to testing

10 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

10 years ago

This update has been submitted for stable by sgallagh.

10 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

10 years ago

This update has been pushed to stable

10 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 10 years ago
in testing: 10 years ago
in stable: 10 years ago
modified: 10 years ago

BZ#1016596 CVE-2013-4410 ReviewBoard: access-control problems with REST API
BZ#1016599 CVE-2013-4411 ReviewBoard: URL processing allows unauthorized users to view review lists
BZ#1016601 CVE-2013-4409 python-djblets: unsanitized eval() vulnerability
BZ#1018000 CVE-2013-4410 CVE-2013-4411 ReviewBoard: various flaws [epel-6]
BZ#1018002 CVE-2013-4409 python-djblets: unsanitized eval() vulnerability [epel-6]
BZ#1018598 ReviewBoard-1.7.16 is available
