
Fedora: FEDORA-2017-654136ee16 Moderate: python-werkzeug XSS Issue

November 30, 2017
To improve security by addressing cross-site scripting vulnerabilities, update the python-werkzeug package on Fedora 27 to a more recent version.
Update to 0.12.2 which also fixes CVE-2016-10516

Summary

Werkzeug
========

Werkzeug started as a simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility modules. It includes a powerful debugger, full-featured request and response objects, HTTP utilities to handle entity tags, cache control headers, HTTP dates, cookie handling, file uploads, a powerful URL routing system and a bunch of community-contributed addon modules.

Werkzeug is unicode aware and doesn't enforce a specific template engine, database adapter or anything else. It doesn't even enforce a specific way of handling requests and leaves all that up to the developer. It's most useful for end user applications which should work on as many server environments as possible (such as blogs, wikis, bulletin boards, etc.).

Update to 0.12.2 which also fixes CVE-2016-10516

[ 1 ] Bug #1512103 - CVE-2016-10516 python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1512103

[ 2 ] Bug #1291370 - python-werkzeug - Missing "python2-" provide
https://bugzilla.redhat.com/show_bug.cgi?id=1291370

[ 3 ] Bug #1372119 - python-werkzeug-0.12.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1372119

To install the update, run su -c 'dnf upgrade python-werkzeug' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
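To confirm the update landed, the following added example (not part of the Fedora advisory) scans `rpm -qa` style output for Werkzeug packages older than the fixed 0.12.2. The python2-/python3- package names, the sample lines and the helper names are assumptions; it compares only the upstream version field and does not implement full RPM version ordering.

```python
import re

FIXED = (0, 12, 2)  # fixed upstream version named in this advisory

# Assumed package names: the source package plus python2-/python3- subpackages.
NAMES = ("python-werkzeug", "python2-werkzeug", "python3-werkzeug")

# name-version-release.arch; version and release never contain '-'.
NVR = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)$")


def parse_version(ver):
    """Turn '0.12.2' into (0, 12, 2); non-numeric parts count as 0 (simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in ver.split("."))


def audit(rpm_lines):
    """Return [(package_line, status)] for Werkzeug packages found in the input."""
    findings = []
    for line in rpm_lines:
        line = line.strip()
        m = NVR.match(line)
        if not m or m.group("name") not in NAMES:
            continue
        fixed = parse_version(m.group("ver")) >= FIXED
        findings.append((line, "ok" if fixed else "needs-update"))
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE = """\
python2-werkzeug-0.11.10-7.fc27.noarch
python3-werkzeug-0.12.2-1.fc27.noarch
python3-flask-0.11.1-6.fc27.noarch
""".splitlines()

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE):
        print(f"{status:12} {pkg}")
```

On a real host, feed it the lines printed by rpm -qa instead of SAMPLE.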


Severity: important

Product: Fedora 27
Version: 0.12.2
Release: 1.fc27
Summary: The Swiss Army knife of Python web development
