[ReviewBoard/el6] New upstream security release 1.5.7 Security Fixes: A script injection vulnerability was discovered

Stephen Gallagher sgallagh at fedoraproject.org
Tue Nov 15 12:59:00 UTC 2011 

commit cdf09043a073c3759061eefb6366fc44b8170f89
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Tue Nov 15 07:49:05 2011 -0500

    New upstream security release 1.5.7
    Security Fixes:
    A script injection vulnerability was discovered in the commenting system.
    This affected the diff viewer and screenshot pages, and allowed a
    commenter to break the page and execute JavaScript

 .gitignore       |    1 +
 ReviewBoard.spec |   11 +++++++++--
 sources          |    2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 879cb4c..72cf5f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ ReviewBoard-1.5rc1.tar.gz
 /ReviewBoard-1.5.4.tar.gz
 /ReviewBoard-1.5.5.tar.gz
 /ReviewBoard-1.5.6.tar.gz
+/ReviewBoard-1.5.7.tar.gz
diff --git a/ReviewBoard.spec b/ReviewBoard.spec
index 6580e7e..58c684b 100644
--- a/ReviewBoard.spec
+++ b/ReviewBoard.spec
@@ -1,8 +1,8 @@
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 Name:           ReviewBoard
-Version:        1.5.6
-Release:        2%{?dist}
+Version:        1.5.7
+Release:        1%{?dist}
 Summary:        Web-based code review tool
 Group:          Applications/Internet
 License:        MIT
@@ -87,6 +87,13 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/webtests/*.py*
 
 %changelog
+* Tue Nov 15 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.7-1
+- New upstream security release 1.5.7
+- Security Fixes:
+-    A script injection vulnerability was discovered in the commenting system.
+     This affected the diff viewer and screenshot pages, and allowed a
+     commenter to break the page and execute JavaScript
+
 * Mon Aug 29 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6-2
 - Fix python-pygments requirement
 - ReviewBoard will work with python-pygments >= 1.1.1, but performance may
diff --git a/sources b/sources
index 71d610f..ad152d2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-628484aea4d65ef1d1bf233f82084935  ReviewBoard-1.5.6.tar.gz
+02ca45f008e35ccd2f54d7ee829c9be5  ReviewBoard-1.5.7.tar.gz

More information about the scm-commits mailing list