drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in ReviewBoard
Name: |
Ausführen beliebiger Kommandos in ReviewBoard |
|
ID: |
FEDORA-2011-15935 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Di, 29. November 2011, 08:05 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4312 |
|
Applikationen: |
Review Board |
|
Originalnachricht |
Name : ReviewBoard Product : Fedora 16 Version : 1.6.3 Release : 1.fc16 URL : http://www.review-board.org Summary : Web-based code review tool Description : Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process.
------------------------------------------------------------------------------- - Update Information:
- New upstream security release 1.6.3
- Security Fixes:
- A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript ------------------------------------------------------------------------------- - ChangeLog:
* Tue Nov 15 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1 - New upstream security release 1.6.3 - Security Fixes: A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript * Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1 - New upstream release - http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.2/ - New Features: - Staff members can now access all Local Sites - Auto-generated e-mails are now marked as "auto-generated" to avoid auto replies - API Changes: - Added API for deleting review groups - Allow for archiving repositories - Bug Fixes: - Fixed the default Apache WSGI configuration for subdirectory installs - Added explicit permisisions in the default Apache configurations - The favicon for the page is now properly switching to the "New Updates" favicon on all browsers when there are review request updates - Specifying bug numbers on review requests without a repository no longer fails - Fixed saving captions for newly added screenshots and files - Fixed using special characters in SVN URLs - Fixed Bazaar when pointing to a repository root that exists on the local filesystem - Clicking Cancel on an "Add comment" box now fully removes the box, instead of leaving a bit of it behind - Fixed dashboard counters for brand new review requests on Local Sites - Group names in the dashboard are now ordered by name in the sidebar - Fixed a hard-coded media URL for the "Expand All" button - Fixed a problem with IE8 where the "Publish" button on comment dialogs weren’t being shown - Fixed API authentication failures when : was in the password ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #754130 - CVE-2011-4312 ReviewBoard: XSS in the commenting system (diff viewer and screenshot pages) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=754130 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update ReviewBoard' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|