Fedora 25: fedmsg Security Update
Summary
Python API used around Fedora Infrastructure to send and receive messages with
zeromq. Includes some CLI tools.
Update Information:
Fix validation logic in the base consumer The base consumer is intended to only
derive its validation switch from the on-disk configuration if the child class
doesn't override the validate_signatures switch. There was a bug here where the
default value provided in the base class made it appear as if *all* child
consumers had turned *off* validation, which is incorrect. This fix turns on
signature validation by default while preserving the ability of child consumersto override the on-disk configuration in special cases. - Fixes:
CVE-2017-1000001 - Reviewed-by: Patrick Uiterwijk
Change Log
References
Fedora Update Notification FEDORA-2017-fff6e1af37 2017-01-24 19:30:37.937615 Name : fedmsg Product : Fedora 25 Version : 0.18.2 Release : 1.fc25 URL : https://github.com/fedora-infra/fedmsg Summary : Tools for Fedora Infrastructure real-time messaging Description : Python API used around Fedora Infrastructure to send and receive messages with zeromq. Includes some CLI tools.
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade fedmsg' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html