Fedora 18 : ReviewBoard-1.7.11-1.fc18 (2013-11646)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- New upstream release 1.7.11

-
http://www.reviewboard.org/docs/releasenotes/reviewboa
rd/1.7.11/

- Bug Fixes :

- Fixed compatibility with Python 2.5

- Fixed the drop-down arrow by Support and the account
name on older versions of Internet Explorer

- New upstream release 1.7.10

-
http://www.reviewboard.org/docs/releasenotes/reviewboa
rd/1.7.10/

- Security Updates :

- Fixed an XSS vulnerability where users could trigger
script errors under certain conditions in
auto-complete widgets

- Web API Changes :

- Added n ?order-by=<fieldname> query parameter for
comment resources, allowing ordering by fields such as
line numbers (for diff comments)

- Added a filename field to screenshot resources, which
provides the base filename (without path) of the
screenshot

- Added a review_url field to screenshot resources, which
provides the URL to the screenshot review page

- Added a thumbnail_url field to screenshot comment
resources, which provides the URL to the snippet of the
screenshot being commented on

- Added a link_text field to file attachment comment
resources, which shows the text for any link pointing to
the file. This may differ depending on the comment

- Added a review_url field to file attachment comment
resources, which provides the URL to the review page for
the file

- Added a thumbnail_html field to file attachment comment
resources, which provides HTML for rendering the
thumbnail of the portion of the file being rendered, if
any

- UI Changes :

- Improved the look and feel of the issue summary table.
It's cleaner and no longer looks odd with long
comment text

- Bug Fixes :

- Fixed periodic but harmless JavaScript errors when
removing elements with relative timestamps

- Editing or reordering dashboard columns no longer breaks
after the dashboard reloads

- Relative timestamps in the dashboard no longer break
after the dashboard reloads

- The maximum size of the timezone has increased, allowing
for longer timezone strings

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/
https://bugzilla.redhat.com/show_bug.cgi?id=977423
http://www.nessus.org/u?5d0cf4f7

Solution :

Update the affected ReviewBoard package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 67316 ()

Bugtraq ID: 60743

CVE ID: CVE-2013-2209

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now