[ReviewBoard/el5] New upstream security release 1.5.7 Security Fixes: A script injection vulnerability was discovered

Stephen Gallagher sgallagh at fedoraproject.org
Tue Nov 15 12:54:46 UTC 2011


commit f74a689e17b3b8f720c0fb152ad7df561544d1e0
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Tue Nov 15 07:49:05 2011 -0500

    New upstream security release 1.5.7
    Security Fixes:
    A script injection vulnerability was discovered in the commenting system.
    This affected the diff viewer and screenshot pages, and allowed a
    commenter to break the page and execute JavaScript

 .gitignore       |    1 +
 ReviewBoard.spec |   13 ++++++++++---
 sources          |    2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 91b91e4..cf6f9ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /ReviewBoard-1.5.4.tar.gz
 /ReviewBoard-1.5.5.tar.gz
 /ReviewBoard-1.5.6.tar.gz
+/ReviewBoard-1.5.7.tar.gz
diff --git a/ReviewBoard.spec b/ReviewBoard.spec
index abca207..254d6a6 100644
--- a/ReviewBoard.spec
+++ b/ReviewBoard.spec
@@ -1,8 +1,8 @@
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 Name:           ReviewBoard
-Version:        1.5.6
-Release:        3%{?dist}
+Version:        1.5.7
+Release:        1%{?dist}
 Summary:        Web-based code review tool
 Group:          Applications/Internet
 License:        MIT
@@ -22,7 +22,7 @@ Requires:       pysvn
 Requires:       python-flup
 Requires:       python-nose
 Requires:       pytz
-Requires:       python-pygments >= 1.1.1
+Requires:       python-pygments >= 1.4
 Requires:       django-evolution >= 0.6.5
 Requires:       python-recaptcha-client
 Requires:       python-paramiko
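
Review bot: The python-pygments requirement in this hunk is raised from >= 1.1.1 to >= 1.4, but neither the commit message nor the new %changelog entry mentions it; both describe only the script injection fix. If 1.5.7 needs the newer Pygments, add a changelog line saying so, and confirm that python-pygments >= 1.4 is available to the el5 branch, since otherwise the security update cannot be installed there.
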
@@ -94,6 +94,13 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/webtests/*.py*
 
 %changelog
+* Tue Nov 15 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-1
+- New upstream security release 1.5.7
+- Security Fixes:
+-    A script injection vulnerability was discovered in the commenting system.
+     This affected the diff viewer and screenshot pages, and allowed a
+     commenter to break the page and execute JavaScript
+
 * Fri Sep 23 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6-3
 - Resolves: rhbz#739209 - rb-site install failed with AttributeError: 'module'
                           object has no attribute 'image_new_from_file'
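
Review bot: The new 1.5.7-1 changelog entry carries no tracking reference, while the 1.5.6-3 entry directly below it uses "Resolves: rhbz#739209". If a bug or CVE identifier exists for the script injection issue, add it to this entry so that administrators can map the package update to the advisory. It would also help to state in the entry that the affected pages are the diff viewer and screenshot pages of the commenting system only, which the current wording implies but leaves open.
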
diff --git a/sources b/sources
index 71d610f..ad152d2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-628484aea4d65ef1d1bf233f82084935  ReviewBoard-1.5.6.tar.gz
+02ca45f008e35ccd2f54d7ee829c9be5  ReviewBoard-1.5.7.tar.gz
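
Review bot: Nothing in the commit records how ReviewBoard-1.5.7.tar.gz was verified against upstream; the new sources line gives only a 32-hex-digit digest of the tarball. For a security release, compare the uploaded tarball with upstream's published release artifact before building, and note in the commit message how that check was done.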

