Summary: | <dev-python/Djblets-0.7.16: XSS (CVE-2013-4795) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Michael Palimaka (kensington) <kensington>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | trivial | CC: | kensington, xmw
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | ~4 [noglsa] | |
Package list: | | Runtime testing required: | ---

Description
Michael Palimaka (kensington)
2013-08-01 13:59:25 UTC
something holding 0.7.16 back?

(In reply to Joakim Tjernlund from comment #1)
> something holding 0.7.16 back?

Not as far as I know, just waiting for the maintainer to bump.

like I said

(In reply to Ian Delaney from comment #3)
> like I said

?

Now that django 1.4.8 and 1.5.4 are in tree, can we have Djblets 0.7.16 and 0.7.17 too?

Created attachment 359434
Initial Djblets-0.7.18 ebuild
This is what I had to change from 0.7.15 to build 0.7.18:
--- Djblets-0.7.15.ebuild 2013-06-24 17:31:12.000000000 +0200
+++ Djblets-0.7.18.ebuild 2013-09-25 17:37:03.850366096 +0200
@@ -16,7 +16,7 @@
KEYWORDS="~amd64 ~x86"
IUSE="test"
-RDEPEND=">=dev-python/django-1.4.5[${PYTHON_USEDEP}]
+RDEPEND=">=dev-python/django-1.4.8[${PYTHON_USEDEP}]
<dev-python/django-1.5[${PYTHON_USEDEP}]
virtual/python-imaging[${PYTHON_USEDEP}]
>=dev-python/django-pipeline-1.2.24[${PYTHON_USEDEP}]
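Review bot: The raised lower bound on the RDEPEND line (>=dev-python/django-1.4.8) has no stated reason. If Djblets 0.7.18 itself needs 1.4.8, record that in the ChangeLog; if the bound is only following the Django now in tree, say so, because it forces a Django upgrade on every user of this package. The <dev-python/django-1.5 cap on the following line is unchanged, so this ebuild still cannot be installed with a 1.5.x Django; confirm that restriction still holds for 0.7.18.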
@@ -33,7 +33,6 @@
mkdir djblets/feedview/testdata || die
cp "${FILESDIR}"/sample.rss djblets/feedview/testdata || die
fi
- epatch "${FILESDIR}"/exclude-tests.patch
distutils-r1_python_prepare_all
}
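Review bot: The removal of the epatch "${FILESDIR}"/exclude-tests.patch line needs a justification: state whether the patch no longer applies to 0.7.18 or whether the tests it excluded now pass, and run the suite with USE=test, since IUSE="test" and the testdata setup just above are kept. If no remaining ebuild uses exclude-tests.patch, delete it from FILESDIR in the same commit.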
Seems like this package has been left behind. Could some other Gentoo dev bump this package?

Vulnerable versions are no longer in the tree.