Latest upstream release: 1.4.19 Current version in Fedora Rawhide: 1.4.15 URL: http://pypi.python.org/packages/source/r/roundup Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
Latest upstream release: 1.4.20 Current version in Fedora Rawhide: 1.4.18 URL: http://pypi.python.org/packages/source/r/roundup Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
*URGENT* Upstream classifies this as a security release -- could this be updated soon? http://pypi.python.org/pypi/roundup
roundup-1.4.20-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/roundup-1.4.20-1.fc17
roundup-1.4.20-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/roundup-1.4.20-1.fc16
roundup-1.4.20-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/roundup-1.4.20-1.fc18
Package roundup-1.4.20-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing roundup-1.4.20-1.fc18'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17916/roundup-1.4.20-1.fc18
then log in and leave karma (feedback).
The updates should probably be marked as security instead of as bugfix? Not sure if there are any CVEs associated with this though.
CVE Request: http://www.openwall.com/lists/oss-security/2012/11/10/2
Created roundup tracking bugs for this issue Affects: epel-5 [bug 875311]
roundup-1.4.20-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
roundup-1.4.20-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6132 to the following vulnerability:
Name: CVE-2012-6132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6132
Assigned: 20121206
Reference: http://www.openwall.com/lists/oss-security/2012/11/10/2
Reference: http://www.openwall.com/lists/oss-security/2013/02/13/8
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=722672
Reference: XF:roundup-cve20126132-otk-xss(84191)
Reference: http://xforce.iss.net/xforce/xfdb/84191
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
These issues have more CVEs assigned:
> [B] * issue2550684 Fix XSS vulnerability when username contains
> HTML code, thanks to Thomas Arendsen Hein for reporting and patch.
> (Ralf) [4] http://issues.roundup-tracker.org/issue2550684
Please use CVE-2012-6130 for this issue
> [C] * issue2550711 Fix XSS vulnerability in @action parameter,
> thanks to "om" for reporting. (Ralf) [5]
> http://issues.roundup-tracker.org/issue2550711
Please use CVE-2012-6131 for this issue
References: http://www.openwall.com/lists/oss-security/2012/11/10/2 and http://www.openwall.com/lists/oss-security/2013/02/13/8