From ${URL} : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746322 and https://github.com/defnull/bottle/issues/616 report an issue where Bottle treated "text/plain;application/json" as JSON, allowing security mechanisms to be bypassed. From the upstream report, "For example Chrome will not allow cross-origin xmlhttprequests with the content type set to "application/json" but you can set it to "text/plain;application/json" instead and bottle will accept it." @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
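The header from the upstream report, checked two ways, as an added example that is not part of this bug report and not Bottle's own code: `loose_is_json` is a hypothetical substring check of the kind that would accept it, and `strict_is_json` is a hypothetical exact match on the media type. The sample headers are constructed, apart from the value quoted in the report.

```python
# Added example: hypothetical helpers, not code from Bottle or from this report.

def loose_is_json(content_type: str) -> bool:
    """Substring match (assumed weak form): true if the JSON type appears anywhere."""
    return "application/json" in content_type.lower()


def strict_is_json(content_type: str) -> bool:
    """Exact match on the media type only, i.e. the text before the first ';'.

    Parameters such as charset are ignored; case and surrounding
    whitespace are normalized before comparing.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type == "application/json"


# Constructed sample Content-Type values; the third is the one quoted in the report.
SAMPLES = [
    "application/json",
    "application/json; charset=utf-8",
    "text/plain;application/json",
    "text/plain",
    "",
]


def disagreements(samples=SAMPLES):
    """Headers the loose check treats as JSON but the strict check rejects."""
    return [ct for ct in samples if loose_is_json(ct) and not strict_is_json(ct)]


if __name__ == "__main__":
    for ct in SAMPLES:
        print(f"{ct!r:40} loose={loose_is_json(ct)!s:5} strict={strict_is_json(ct)}")
    print("accepted only by the loose check:", disagreements())
```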
CVE-2014-3137 assigned.
I've added 0.11.7 and 0.12.6 to the tree; I'd like to have 0.11.7 stabilized.
Thank you. Arches, please stabilize: =dev-python/bottle-0.11.7 Targets: alpha amd64 arm ia64 ppc ppc64 sparc x86
Builds fine on x86. Please mark stable for x86.
amd64 stable
x86 stable
alpha stable
ia64 stable
ppc64 stable
ppc stable
sparc stable
arm stable, all arches done!
Cleanup, please! GLSA vote: no.
Arches, thank you for your work. Maintainer(s), please drop the vulnerable version. GLSA Vote: No
Maintainer timeout, cleanup done, closing noglsa.