[ReviewBoard] New upstream security release 1.6.3 Security Fixes: A script injection vulnerability was discovered

Stephen Gallagher sgallagh at fedoraproject.org
Tue Nov 15 13:35:56 UTC 2011


commit 2b80d0b5b0f2bf6a962c4cdb8612ef64aa30405f
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Tue Nov 15 08:37:19 2011 -0500

    New upstream security release 1.6.3
    Security Fixes:
    A script injection vulnerability was discovered in the commenting system.
    This affected the diff viewer and screenshot pages, and allowed a
    commenter to break the page and execute JavaScript

 .gitignore       |    1 +
 ReviewBoard.spec |    9 ++++++++-
 sources          |    2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ecbaaff..b93a0cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ ReviewBoard-1.5rc1.tar.gz
 /ReviewBoard-1.6rc2.tar.gz
 /ReviewBoard-1.6.1.tar.gz
 /ReviewBoard-1.6.2.tar.gz
+/ReviewBoard-1.6.3.tar.gz
diff --git a/ReviewBoard.spec b/ReviewBoard.spec
index c5a7332..942881e 100644
--- a/ReviewBoard.spec
+++ b/ReviewBoard.spec
@@ -1,7 +1,7 @@
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 
 Name:           ReviewBoard
-Version:        1.6.2
+Version:        1.6.3
 Release:        1%{?dist}
 Summary:        Web-based code review tool
 Group:          Applications/Internet
@@ -87,6 +87,13 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitelib}/webtests/*.py*
 
 %changelog
+* Tue Nov 15 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.3-1
+- New upstream security release 1.6.3
+- Security Fixes:
+    A script injection vulnerability was discovered in the commenting system.
+    This affected the diff viewer and screenshot pages, and allowed a
+    commenter to break the page and execute JavaScript
+
 * Thu Nov 10 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.2-1
 - New upstream release
 - http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.2/
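Review bot: the new 1.6.3-1 %changelog entry describes a script injection fix but gives no upstream release-notes URL and no bug or advisory reference, so the fix cannot be traced from the package history alone. The 1.6.2-1 entry directly below it does link its notes (`- http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.2/`). Suggest adding the matching release-notes line for 1.6.3 and a tracking bug reference if one exists. As a style point, the three description lines are indented four spaces with no leading `- `, which differs from the surrounding entries.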
diff --git a/sources b/sources
index 4c2d0a1..c8e779e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3b05737a540d16af7d839e21454b1a6e  ReviewBoard-1.6.2.tar.gz
+27bfc40141fe9de93522a279b690bfea  ReviewBoard-1.6.3.tar.gz
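Review bot: the `+` line in `sources` pins ReviewBoard-1.6.3.tar.gz with a 32-hex-character digest, which is MD5 length, and nothing in the commit shows that the tarball was compared against a checksum or signature published by upstream. For a security release, suggest verifying the downloaded tarball against upstream's published value before the digest is recorded here, and noting in the commit message that this was done.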

