Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in ReviewBoard
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in ReviewBoard
ID: FEDORA-2013-11682
Distribution: Fedora
Plattformen: Fedora 19
Datum: So, 7. Juli 2013, 01:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2209
Applikationen: ReviewBoard

Originalnachricht

Name        : ReviewBoard
Product : Fedora 19
Version : 1.7.11
Release : 1.fc19
URL : http://www.review-board.org
Summary : Web-based code review tool
Description :
Review Board is a powerful web-based code review tool that offers
developers an easy way to handle code reviews. It scales well from small
projects to large companies and offers a variety of tools to take much
of the stress and time out of the code review process.

-------------------------------------------------------------------------------
-
Update Information:

- New upstream release 1.7.11
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/
- Bug Fixes:
* Fixed compatibility with Python 2.5
* Fixed the drop-down arrow by Support and the account name on older
versions of Internet Explorer

- New upstream release 1.7.10
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
- Security Updates:
* Fixed an XSS vulnerability where users could trigger script errors under
certain conditions in auto-complete widgets
- Web API Changes:
* Added n ?order-by=<fieldname> query parameter for comment
resources,
allowing ordering by fields such as line numbers (for diff comments)
* Added a filename field to screenshot resources, which provides the base
filename (without path) of the screenshot
* Added a review_url field to screenshot resources, which provides the URL
to the screenshot review page
* Added a thumbnail_url field to screenshot comment resources, which
provides the URL to the snippet of the screenshot being commented on
* Added a link_text field to file attachment comment resources, which
shows
the text for any link pointing to the file. This may differ depending on
the comment
* Added a review_url field to file attachment comment resources, which
provides the URL to the review page for the file
* Added a thumbnail_html field to file attachment comment resources, which
provides HTML for rendering the thumbnail of the portion of the file
being rendered, if any
- UI Changes:
* Improved the look and feel of the issue summary table. It’s cleaner and
no longer looks odd with long comment text
- Bug Fixes:
* Fixed periodic but harmless JavaScript errors when removing elements
with
relative timestamps
* Editing or reordering dashboard columns no longer breaks after the
dashboard reloads
* Relative timestamps in the dashboard no longer break after the dashboard
reloads
* The maximum size of the timezone has increased, allowing for longer
timezone strings

-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Jun 27 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.11-1
- New upstream release 1.7.11
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/
- Bug Fixes:
* Fixed compatibility with Python 2.5
* Fixed the drop-down arrow by Support and the account name on older
versions of Internet Explorer
* Mon Jun 24 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.7.10-1
- New upstream release 1.7.10
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
- Security Updates:
* Fixed an XSS vulnerability where users could trigger script errors under
certain conditions in auto-complete widgets
- Web API Changes:
* Added n ?order-by=<fieldname> query parameter for comment
resources,
allowing ordering by fields such as line numbers (for diff comments)
* Added a filename field to screenshot resources, which provides the base
filename (without path) of the screenshot
* Added a review_url field to screenshot resources, which provides the URL
to the screenshot review page
* Added a thumbnail_url field to screenshot comment resources, which
provides the URL to the snippet of the screenshot being commented on
* Added a link_text field to file attachment comment resources, which shows
the text for any link pointing to the file. This may differ depending on
the comment
* Added a review_url field to file attachment comment resources, which
provides the URL to the review page for the file
* Added a thumbnail_html field to file attachment comment resources, which
provides HTML for rendering the thumbnail of the portion of the file
being rendered, if any
- UI Changes:
* Improved the look and feel of the issue summary table. It’s cleaner and
no longer looks odd with long comment text
- Bug Fixes:
* Fixed periodic but harmless JavaScript errors when removing elements with
relative timestamps
* Editing or reordering dashboard columns no longer breaks after the
dashboard reloads
* Relative timestamps in the dashboard no longer break after the dashboard
reloads
* The maximum size of the timezone has increased, allowing for longer
timezone strings
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #977423 - CVE-2013-2209 ReviewBoard: Stored XSS due improper
sanitization of user's full name in the reviews dropdown
https://bugzilla.redhat.com/show_bug.cgi?id=977423
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update ReviewBoard' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung