Summary: | <dev-db/couchdb-1.0.1: Cross Site Request Forgery Vulnerability (CVE-2010-2234) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | craig, djc |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-08-17 16:29:12 UTC
Should we fast-track 1.0.1 for stabilization? (In reply to comment #1) > Should we fast-track 1.0.1 for stabilization? > If that is possible w/o causing too much migration pain for users. [1] mentions quite some things. [1] http://wiki.apache.org/couchdb/Breaking_changes (In reply to comment #2) > (In reply to comment #1) > > Should we fast-track 1.0.1 for stabilization? > > > > If that is possible w/o causing too much migration pain for users. > [1] mentions quite some things. > > [1] http://wiki.apache.org/couchdb/Breaking_changes > Dirkjan, are you comfortable with stabilizing 1.0.1 based on the information from the URL above? Thanks! Yeah, that would be great. Thanks! (Sorry, I should have properly acknowledged this earlier, last week was pretty crazy. In any case, the breaking changes listed for 0.11 -> 1.0.x are really pretty minor, they shouldn't cause much breakage in practice.) Thanks, Dirkjan. Arches, please test and mark stable: =dev-db/couchdb-1.0.1 Target keywords : "amd64 ppc x86" x86 stable amd64 done *** Bug 335881 has been marked as a duplicate of this bug. *** Marked ppc stable. Security guys: I think this one can be closed. GLSA vote: NO. No too, closing, kthxbye. |