loggerhead updated for a CVE
Toshio Kuratomi
a.badger at gmail.com
Fri Mar 25 03:12:03 UTC 2011
I've updated loggerhead on hosted01/02 due to an XSS flaw. This is using
the new EPEL5 builds. The changes are not large but (since el5 was on 1.17
and the fix is in 1.18.1) the changes do touch things that aren't related to
the XSS fix.
Likely, only projects that I'm involved in use bzr on fedorahosted (and thus
loggerhead as the web viewer), but in case someone complains about problems,
this is a likely culprit.
PS: Thanks to ricky for making sure I saw this.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20110324/14c6c04e/attachment.bin
More information about the infrastructure
mailing list