Fedora 29: Security Advisory for Pagure 5.3 Moderate API Key Leak

Pagure is a light-weight git-centered forge based on pygit2.

Currently, Pagure offers a web-interface for git repositories, a ticket

system and possibilities to create new projects, fork existing ones and

create/merge pull-requests across or within projects.

Update to Pagure 5.3, which includes the fix for CVE-2019-7628.

* Fri Feb 22 2019 Neal Gompa - 5.3-1

- Update to 5.3

- Add weak dependencies for supported database client libraries

- Use macros consistently in the spec

* Fri Feb 1 2019 Fedora Release Engineering - 5.2-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Mon Jan 7 2019 Neal Gompa - 5.2-2

- Ensure all shebangs are set to the correct Python version

- Fix RHEL conditionals to account for EL8

- Fix pygit2 dependency for EL7

* Mon Jan 7 2019 Neal Gompa - 5.2-1

- Update to 5.2

* Fri Dec 14 2018 Neal Gompa - 5.1.4-2

- Backport fix from master to add compatibility with Markdown 3.0+

- Backport fix from master to properly skip legacy hooks

* Tue Oct 30 2018 Neal Gompa - 5.1.4-1

- Update to 5.1.4

* Thu Oct 11 2018 Neal Gompa - 5.1.3-1

- Update to 5.1.3 (RH#1638470)

* Tue Oct 9 2018 Neal Gompa - 5.1.1-1

- Update to 5.1.1 (RH#1637595)

* Tue Oct 9 2018 Neal Gompa - 5.1-1

- Update to 5.1 (RH#1637516)

[ 1 ] Bug #1673985 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-29]

https://bugzilla.redhat.com/show_bug.cgi?id=1673985

[ 2 ] Bug #1680027 - pagure-5.3 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1680027

[ 3 ] Bug #1673984 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-rawhide]

https://bugzilla.redhat.com/show_bug.cgi?id=1673984

su -c 'dnf upgrade --advisory FEDORA-2019-4e72b179e4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/