Fedora 29: pagure Security Update
Summary
Pagure is a light-weight git-centered forge based on pygit2.
Currently, Pagure offers a web-interface for git repositories, a ticket
system and possibilities to create new projects, fork existing ones and
create/merge pull-requests across or within projects.
Update to Pagure 5.3, which includes the fix for CVE-2019-7628.
* Fri Feb 22 2019 Neal Gompa
- Update to 5.3
- Add weak dependencies for supported database client libraries
- Use macros consistently in the spec
* Fri Feb 1 2019 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 7 2019 Neal Gompa
- Ensure all shebangs are set to the correct Python version
- Fix RHEL conditionals to account for EL8
- Fix pygit2 dependency for EL7
* Mon Jan 7 2019 Neal Gompa
- Update to 5.2
* Fri Dec 14 2018 Neal Gompa
- Backport fix from master to add compatibility with Markdown 3.0+
- Backport fix from master to properly skip legacy hooks
* Tue Oct 30 2018 Neal Gompa
- Update to 5.1.4
* Thu Oct 11 2018 Neal Gompa
- Update to 5.1.3 (RH#1638470)
* Tue Oct 9 2018 Neal Gompa
- Update to 5.1.1 (RH#1637595)
* Tue Oct 9 2018 Neal Gompa
- Update to 5.1 (RH#1637516)
[ 1 ] Bug #1673985 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-29]
https://bugzilla.redhat.com/show_bug.cgi?id=1673985
[ 2 ] Bug #1680027 - pagure-5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1680027
[ 3 ] Bug #1673984 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-rawhide]
https://bugzilla.redhat.com/show_bug.cgi?id=1673984
su -c 'dnf upgrade --advisory FEDORA-2019-4e72b179e4' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-4e72b179e4 2019-02-24 02:32:36.926170 Product : Fedora 29 Version : 5.3 Release : 1.fc29 URL : https://pagure.io/pagure Summary : A git-centered forge Description : Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects. Update to Pagure 5.3, which includes the fix for CVE-2019-7628. * Fri Feb 22 2019 Neal Gompa - 5.3-1 - Update to 5.3 - Add weak dependencies for supported database client libraries - Use macros consistently in the spec * Fri Feb 1 2019 Fedora Release Engineering - 5.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 7 2019 Neal Gompa - 5.2-2 - Ensure all shebangs are set to the correct Python version - Fix RHEL conditionals to account for EL8 - Fix pygit2 dependency for EL7 * Mon Jan 7 2019 Neal Gompa - 5.2-1 - Update to 5.2 * Fri Dec 14 2018 Neal Gompa - 5.1.4-2 - Backport fix from master to add compatibility with Markdown 3.0+ - Backport fix from master to properly skip legacy hooks * Tue Oct 30 2018 Neal Gompa - 5.1.4-1 - Update to 5.1.4 * Thu Oct 11 2018 Neal Gompa - 5.1.3-1 - Update to 5.1.3 (RH#1638470) * Tue Oct 9 2018 Neal Gompa - 5.1.1-1 - Update to 5.1.1 (RH#1637595) * Tue Oct 9 2018 Neal Gompa - 5.1-1 - Update to 5.1 (RH#1637516) [ 1 ] Bug #1673985 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-29] https://bugzilla.redhat.com/show_bug.cgi?id=1673985 [ 2 ] Bug #1680027 - pagure-5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1680027 [ 3 ] Bug #1673984 - CVE-2019-7628: Pagure version 5.2 leaks API keys by e-mail [fedora-rawhide] https://bugzilla.redhat.com/show_bug.cgi?id=1673984 su -c 'dnf upgrade --advisory FEDORA-2019-4e72b179e4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References