[SECURITY] Fedora 20 Update: python-fedora-0.3.34-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Tue May 6 21:32:32 UTC 2014

Fedora Update Notification
2014-05-03 19:14:23

Name        : python-fedora
Product     : Fedora 20
Version     : 0.3.34
Release     : 1.fc20
URL         : https://fedorahosted.org/python-fedora/
Summary     : Python modules for talking to Fedora Infrastructure Services
Description :
Python modules that help with building Fedora Services.  The client module
included here can be used to build programs that communicate with many of
Fedora Infrastructure's Applications such as Bodhi, PackageDB, MirrorManager,
and FAS2.

Update Information:

Fix two security issues for services using python-fedora's TG1 and flask helpers.

The TG1 fix quotes variables that could have been used to launch an XSS attack.

The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System.

* Fri May  2 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.34-1
- Upstream 0.3.34 release with security fixes for TG and flask services built
  with python-fedora
* Fri Mar 14 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.33-3
- Do not build the TG1 subpackage on EPEL7.  Infrastructure is going to port
  its applications away from TG1 by the time they switch to RHEL7.  So we want
  to get rid of TurboGears1 packages before RHEL7.
- Fix conditionals so that they include the proper packages on epel7
* Fri Jan 10 2014 Dennis Gilmore <dennis at ausil.us> - 0.3.33-2
- clean up some rhel logic in the spec
* Thu Dec 19 2013 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.33-1
- Update for final release with numerous flask_fas_openid fixes

This update can be installed with the "yum" update program.  Use
su -c 'yum update python-fedora' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list