[SECURITY] Fedora EPEL 5 Update: python-djblets-0.6.10-2.el5
updates at fedoraproject.org
updates at fedoraproject.org
Mon Aug 27 17:03:19 UTC 2012
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2012-6665
2012-08-10 18:09:14
--------------------------------------------------------------------------------
Name : python-djblets
Product : Fedora EPEL 5
Version : 0.6.10
Release : 2.el5
URL : http://www.review-board.org
Summary : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
Previous version of python-djblets contained embedded / own copy of python-feedparser (BUILD/Djblets-0.6.22/djblets/feedview feedparser.py) code, which is vulnerable to numerous security flaws (CVE-2009-5065, CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158 to mention some of them).
This package modifies Djblets to use the system copy of feedparser.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #846760 - Current version of python-djblets in Fedora EPEL-5 contains embeded copy of python-feedparser, vulnerable to CVE-2009-5065, CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158
https://bugzilla.redhat.com/show_bug.cgi?id=846760
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-djblets' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list