Bug 679339
Summary: | CVE-2011-0432 pywebdav: SQL injection due improper escaping of user credentials [epel-5] | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | pywebdav | Assignee: | Dan Horák <dan> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | el5 | CC: | dan, jtfas90 |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | fst_owner=jtaylor | ||
Fixed In Version: | pywebdav-0.9.4.1-1.el5 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-12-26 19:50:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 677718 |
Description
Huzaifa S. Sidhpurwala
2011-02-22 10:16:46 UTC
Hi Dan, Are there plans to upgrade the version of pywebdav in the epel el5 repo or should we look at retiring the package? Let me know if I can be of assistance. Regards, JT uff, sounds I forgot about it, both Fedora and EL-6 were fixed on time pywebdav-0.9.4.1-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.el5 Package pywebdav-0.9.4.1-1.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing pywebdav-0.9.4.1-1.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4620/pywebdav-0.9.4.1-1.el5 then log in and leave karma (feedback). pywebdav-0.9.4.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |