Fedora 19 : ReviewBoard-1.7.12-1.fc19 / python-djblets-0.7.16-1.fc19 (2013-13850)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

As with all ReviewBoard updates, you will need to run 'rb-site upgrade /path/to/site' for all installed sites after applying this update.

== Action Required ==

The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.

== Description ==

- New upstream release 1.7.12

  - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/

- Security Fixes :

  - Function names in diff headers are no longer rendered as HTML.

  - If a user's full name contained HTML, the Submitters list would render it as HTML, without escaping it. This was an XSS vulnerability.

  - The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.

  - Uploaded files are now renamed to include a hash, preventing users from uploading malicious filenames, and making filenames unguessable.

  - Recaptcha support has been updated to use the new URLs provided by Google.

- New Features :

  - Added a X-ReviewRequest-Repository header for e-mails.

- Extension Improvements :

  - Extensions can now specify their list of app directories.

  - Extensions can now specify the author's URL.

  - Improved the look and feel for extension configuration.

  - Improved the functionality for extension configuration.

  - Improved the list of available extensions.

- Bug Fixes :

  - Fixed the 'Show Whitespace Changes' toggle.

  - Fixed compatibility with modern versions of django-storages.

  - Draft comments on file attachments are no longer shown to all users.

  - Fixed issues with console windows appearing when invoking ClearCase requests on Python 2.7.x and Windows 7.

  - Review requests on Local Sites are now guaranteed to have the proper ID.

  - Fixed starring review requests on Local Sites.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?b2c5459f
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
http://www.nessus.org/u?baf4e775
http://www.nessus.org/u?d636bb98

Solution :

Update the affected ReviewBoard and / or python-djblets packages.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 69248

Bugtraq ID:

CVE ID:
