Fedora: 2009-1518 Critical: Python-Fedora Password Issue

Python modules that help with building Fedora Services. This includes a JSON

based auth provider for authenticating against FAS2 over the network and a

client that handles communication with the servers. The client module can

be used to build programs that communicate with Fedora Infrastructure's

TurboGears Applications such as Bodhi, PackageDB, MirrorManager, and FAS2.

This release includes a bugfix to the

fedora.client.AccountSystem().verify_password() method. verify_password() was

incorrectly returning True (username, password combination was correct) for any

input. Although no known code is using this method to verify a user's account

with the Fedora Account System, the existence of the method and the fact that

anyone using this would be allowing users due to the bug makes this a high

priority bug to fix.

* Sun Feb 8 2009 Toshio Kuratomi - 0.3.9-1

- New upstream with important bugfixes.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.3.8-2

- Rebuild for Python 2.6

* Thu Nov 20 2008 Toshio Kuratomi - 0.3.8-1

- New upstream with pycurl client backend, more fas methods, and bodhi bugfix.

* Thu Oct 30 2008 Toshio Kuratomi - 0.3.7-1

- New upstream has more complete pkgdb integration.

su -c 'yum update python-fedora' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/