[SECURITY] Fedora 16 Update: ReviewBoard-1.6.3-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Tue Nov 29 00:12:11 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15935
2011-11-15 23:41:16
--------------------------------------------------------------------------------

Name        : ReviewBoard
Product     : Fedora 16
Version     : 1.6.3
Release     : 1.fc16
URL         : http://www.review-board.org
Summary     : Web-based code review tool
Description :
Review Board is a powerful web-based code review tool that offers
developers an easy way to handle code reviews. It scales well from small
projects to large companies and offers a variety of tools to take much
of the stress and time out of the code review process.

--------------------------------------------------------------------------------
Update Information:

- New upstream security release 1.6.3
- Security Fixes:
-    A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 15 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.3-1
- New upstream security release 1.6.3
- Security Fixes:
    A script injection vulnerability was discovered in the commenting system.
    This affected the diff viewer and screenshot pages, and allowed a
    commenter to break the page and execute JavaScript
* Thu Nov 10 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.6.2-1
- New upstream release
- http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.2/
- New Features:
-     Staff members can now access all Local Sites
-     Auto-generated e-mails are now marked as "auto-generated" to avoid auto
      replies
- API Changes:
-     Added API for deleting review groups
-     Allow for archiving repositories
- Bug Fixes:
-     Fixed the default Apache WSGI configuration for subdirectory installs
-     Added explicit permisisions in the default Apache configurations
-     The favicon for the page is now properly switching to the "New Updates"
      favicon on all browsers when there are review request updates
-     Specifying bug numbers on review requests without a repository no longer
      fails
-     Fixed saving captions for newly added screenshots and files
-     Fixed using special characters in SVN URLs
-     Fixed Bazaar when pointing to a repository root that exists on the local
      filesystem
-     Clicking Cancel on an "Add comment" box now fully removes the box,
      instead of leaving a bit of it behind
-     Fixed dashboard counters for brand new review requests on Local Sites
-     Group names in the dashboard are now ordered by name in the sidebar
-     Fixed a hard-coded media URL for the "Expand All" button
-     Fixed a problem with IE8 where the "Publish" button on comment dialogs
      weren’t being shown
-     Fixed API authentication failures when : was in the password
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #754130 - CVE-2011-4312 ReviewBoard: XSS in the commenting system (diff viewer and screenshot pages) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=754130
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ReviewBoard' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list