Bug 212488

Summary:	www-apps/roundup < 1.4.4 XSS security issues (CVE-2008-1474)
Product:	Gentoo Security	Reporter:	Luca Barbato <lu_zero>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	web-apps
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://pypi.python.org/pypi/roundup
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description Luca Barbato gentoo-dev

2008-03-06 13:57:50 UTC

"1.4.4 is a security fix release. All installations of Roundup are strongly encouraged to update."

just bumping the ebuild should do.

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2008-03-07 10:47:37 UTC

in cvs, please stabilize

Comment 2 Ferris McCormick (RETIRED) gentoo-dev

2008-03-07 13:42:35 UTC

Sparc stable.  Quick test using roundup-demo went as expected.

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev

2008-03-07 16:07:55 UTC

x86 stable

Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev

2008-03-09 06:47:08 UTC

ppc stable, ready for glsa voting.

Comment 5 Peter Volkov (RETIRED) gentoo-dev

2008-03-09 10:11:15 UTC

amd64 stable, too and now it's really ready for glsa.

Comment 6 Peter Volkov (RETIRED) gentoo-dev

2008-03-09 10:23:27 UTC

Fixed in release snapshot.

Comment 7 Tobias Heinlein (RETIRED) gentoo-dev

2008-03-11 17:27:33 UTC

Ready for vote.

I vote NO.

Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-03-11 21:39:34 UTC

NO too, and closing.

Comment 9 Robert Buchholz (RETIRED) gentoo-dev

2008-03-12 02:12:58 UTC

Did anyone actually check what the vulnerability was?

Comment 10 Lars Hartmann 2008-03-25 08:31:07 UTC

can someone please add CVE-2008-1474 to the topic?

Comment 11 Robert Buchholz (RETIRED) gentoo-dev

2008-04-24 00:01:59 UTC

Just for reference, Debian reported these as Cross-site scripting.