——————————————————————————–
Fedora Update Notification
FEDORA-2014-7224
2014-06-10 01:56:10
——————————————————————————–
Name : python-djblets
Product : Fedora 19
Version : 0.7.30
Release : 2.fc19
URL : http://www.review-board.org
Summary : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django
——————————————————————————–
Update Information:
Fixes two XSS vulnerabilities in Djblets (used by Review Board)
——————————————————————————–
ChangeLog:
* Sat Jun 7 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-2
– Drop upstreamed patch
* Fri Jun 6 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-1
– New upstream security release 0.7.30
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.30.NEWS
* Wed Apr 9 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.29-1
– New upstream release 0.7.29
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.29.NEWS
* Fri Feb 21 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.28-2
– Generate requires.txt with values appropriate for Fedora
* Thu Jan 2 2014 Stephen Gallagher <sgallagh@redhat.com> – 0.7.28-1
– New upstream release 0.7.28
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.28.NEWS
* djblets.auth:
* Fixed HTTP 500 errors when failing to save the registration form
* Thu Dec 12 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.27-1
– New upstream release 0.7.27
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.25.NEWS
* djblets.auth:
* Added some human-readable labels for RegistrationForm.
* RegistrationForm subclasses that make use of fields that normalize to
non-strings no longer fail to save.
* djblets.webapi:
* Usernames with plus signs in them are now matched in the API.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.26.NEWS
* djblets.util.fields:
* Fixed JSONField in the administration UI.
* djblets.webapi:
* Added support for web API authentication backends.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.27.NEWS
* Fixed a regression with the new webapi auth backend support
* Wed Nov 27 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.24-1
– New upstream release 0.7.24
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.24.NEWS
* djblets.util.http:
* Fixed ETag matching
* Tue Nov 5 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.23-1
– New upstream release 0.7.23
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
* djblets.webapi:
* Added a has_list_access_permissions function, which is used to determine
access to a list resource.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.22.NEWS
* djblets.extensions:
* AJAX_SERIAL is updated when extensions are enabled/disabled or their
configuration changes, allowing templates using AJAX_SERIAL as part of
their cache to invalidate.
* djblets.siteconfig:
* Reduced query counts for installs using siteconfig.
* djblets.webapi:
* Reduced query counts when returning payloads for list resources with no
entries.
* Common attribute lookups on WebAPIResource are now cached.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.23.NEWS
* djblets.extensions:
* Fix URL errors when configuring extensions with a custom SITE_ROOT.
* djblets.util.fields:
* JSONFields can now be safely edited through the administration UI,
complete with validation.
* jquery.gravy:
* Fixed hiding the pencil icons on an inlineEditor when disabled.
* Sun Oct 13 2013 Patrick Uiterwijk <puiterwijk@gmail.com> – 0.7.21-1
– New upstream bugfix release 0.7.21
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.21.NEWS
– Added a has_list_access_permissions function, which is used to
determine access to a list resource.
* Fri Oct 11 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.20-1
– New upstream bugfix release 0.7.20
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.20.NEWS
– Fixed regression with pagination on the datagrid
* Thu Oct 10 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.19-1
– New upstream security release 0.7.19
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.19.NEWS
– Resolves: CVE-2013-4409
– Resolves unsanitized eval() vulnerability
* Mon Sep 23 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.18-1
– New upstream security release 0.7.18
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.18.NEWS
– Web API resource lists are now more careful about access permissions.
* Thu Aug 15 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.17-1
– New upstream release 0.7.17
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.17.NEWS
* Mon Jul 29 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.16-1
– New upstream release 0.7.16
– This release contains security fixes in the datagrid
– JavaScript:
* autoSizeTextArea now cleans up its hidden proxy elements when destroyed.
* inlineEditor can be told not to focus a textarea by default by setting
‘focusOnOpen’ to false.
* modalBox can place itself in an element other than <body> by setting the
‘container’ option to the element.
* modalBox takes a ‘boxID’ option that, if specified, will set the ID of
the modalBox element.
* funcQueue now takes an optional context parameter for callback functions.
– djblets.datagrid:
* Data pulled from the database and rendered into cells are always escaped
now.
* Columns can now specify an image_class instead of an image_url.
* Added a JavaScript reload() function that can be called on a datagrid
element to trigger a dynamic reload from the server.
– djblets.extensions:
* Extensions can now specify their list of app directories.
* Extensions can now specify the author’s URL.
* Improved the look and feel for extension configuration.
* Improved the functionality for extension configuration.
* Improved the list of available extensions.
——————————————————————————–
References:
[ 1 ] Bug #1106845 – CVE-2014-3994 python-djblets: XSS Vulnerability in Djblets json_dumps()
https://bugzilla.redhat.com/show_bug.cgi?id=1106845
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update python-djblets’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-7223
2014-06-10 01:56:08
——————————————————————————–
Name : python-djblets
Product : Fedora 20
Version : 0.7.30
Release : 2.fc20
URL : http://www.review-board.org
Summary : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django
——————————————————————————–
Update Information:
Fixes two XSS vulnerabilities in Djblets (used by Review Board)
——————————————————————————–
ChangeLog:
* Sat Jun 7 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-2
– Drop upstreamed patch
* Fri Jun 6 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.30-1
– New upstream security release 0.7.30
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.30.NEWS
* Wed Apr 9 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.29-1
– New upstream release 0.7.29
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.29.NEWS
* Fri Feb 21 2014 Stephen Gallagher <sgallagh@redhat.com> 0.7.28-2
– Generate requires.txt with values appropriate for Fedora
* Thu Jan 2 2014 Stephen Gallagher <sgallagh@redhat.com> – 0.7.28-1
– New upstream release 0.7.28
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.28.NEWS
* djblets.auth:
* Fixed HTTP 500 errors when failing to save the registration form
* Thu Dec 12 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.27-1
– New upstream release 0.7.27
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.25.NEWS
* djblets.auth:
* Added some human-readable labels for RegistrationForm.
* RegistrationForm subclasses that make use of fields that normalize to
non-strings no longer fail to save.
* djblets.webapi:
* Usernames with plus signs in them are now matched in the API.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.26.NEWS
* djblets.util.fields:
* Fixed JSONField in the administration UI.
* djblets.webapi:
* Added support for web API authentication backends.
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.27.NEWS
* Fixed a regression with the new webapi auth backend support
* Wed Nov 27 2013 Stephen Gallagher <sgallagh@redhat.com> – 0.7.24-1
– New upstream release 0.7.24
– http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.24.NEWS
* djblets.util.http:
* Fixed ETag matching
——————————————————————————–
References:
[ 1 ] Bug #1106845 – CVE-2014-3994 python-djblets: XSS Vulnerability in Djblets json_dumps()
https://bugzilla.redhat.com/show_bug.cgi?id=1106845
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update python-djblets’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce