Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)

high Nessus Plugin ID 73035

Synopsis

The remote Fedora host is missing a security update.

Description

- New upstream security release 1.7.22

- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/

- Security Fixes :

- An XSS vulnerability was found in the Search field's auto-complete.

- New Features :

- Added support for anonymous access to public Local Sites.

- Added support for parallel-installed versions of Django.

- API Changes :

- The documentation for Review Group Resource no longer says that review groups cannot be created through the API.

- Bug Fixes :

- Install/Upgrade :

- Fixed compatibility with Apache 2.4's method for authorization in newly generated config files.

- Fixed an issue on some configurations where loading in initial schema data for the database would fail.

- rb-site upgrade --all-sites no longer throws an error if there are no valid sites configured.

- Administration :

- Administrators now have access to all repositories, instead of just public ones or ones they're a member of.

- Repositories backed by paths that no longer exist can now be hidden.

- Fixed creating groups and repositories that had conflicting 'unique' fields.

- Password fields no longer appear blank when they have a value in forms.

- Setting https in the server URL now properly marks the server as using HTTPS. All URLs generated for the API and e-mails will include https instead of http.

- Fixed incorrect labelling for the review request status graph in the Admin dashboard.

- LDAP :

- Usernames, passwords, and other information are properly encoded to UTF-8 before authenticating.

- Users without e-mail addresses in LDAP no longer break when first authenticating.

- Dashboard :

- Fixed support for accessing watched groups through the Dashboard.

- Repositories :

- Copied files in Git diffs no longer result in File Not Found errors, and their state is now shown properly, much like moved files.

- Added better compatibility with Mercurial repositories when accessing hg-history URLs, when the server name didn't contain a trailing slash.

- Added better CVS compatibility for repositories that don't contain CVSROOT/modules.

- Fixed issues with Clear Case in multi-site mode when OIDs weren't yet available on the server.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ReviewBoard package.

See Also

https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/

http://www.nessus.org/u?2e45ee49

Plugin Details

Severity: High

ID: 73035

File Name: fedora_2014-3446.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/17/2014

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:reviewboard, cpe:/o:fedoraproject:fedora:20

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/5/2014

Reference Information

FEDORA: 2014-3446