Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Fedora 9: FEDORA-2009-1519 High Priority: python-fedora Authentication Bug

fedora
Calendar Grey February 12, 2009
Dist Fedora Esm H88
Significant Fedora patch addresses issue within the verify_password function, guaranteeing accurate authentication of username and password.
This release includes a bugfix to the fedora.client.AccountSystem().verify_password() method

Summary

Python modules that help with building Fedora Services. This includes a JSON

based auth provider for authenticating against FAS2 over the network and a

client that handles communication with the servers. The client module can

be used to build programs that communicate with Fedora Infrastructure's

TurboGears Applications such as Bodhi, PackageDB, MirrorManager, and FAS2.

This release includes a bugfix to the

fedora.client.AccountSystem().verify_password() method. verify_password() was

incorrectly returning True (username, password combination was correct) for any

input. Although no known code is using this method to verify a user's account

with the Fedora Account System, the existence of the method and the fact that

anyone using this would be allowing users due to the bug makes this a high

priority bug to fix.

* Sun Feb 8 2009 Toshio Kuratomi - 0.3.9-1

- New upstream with important bugfixes.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.3.8-2

- Rebuild for Python 2.6

* Thu Nov 20 2008 Toshio Kuratomi - 0.3.8-1

- New upstream with pycurl client backend, more fas methods, and bodhi bugfix.

* Thu Oct 30 2008 Toshio Kuratomi - 0.3.7-1

- New upstream has more complete pkgdb integration.

* Mon Sep 15 2008 Toshio Kuratomi - 0.3.6-2

- Add python-sphinx to the buildrequires.

* Mon Sep 15 2008 Toshio Kuratomi - 0.3.6-1

- New upstream. No longer deps on koji.

* Mon Aug 25 2008 Luke Macken - 0.3.5-1

- New upstream release

* Mon Jul 28 2008 Toshio Kuratomi - 0.3.4-1

- Small fix to proxyclient.send_request() for sequence types.

* Wed Jul 23 2008 Toshio Kuratomi - 0.3.3-1

- A few fixes for the new fas release.

* Sun Jul 20 2008 Luke Macken - 0.3.2-1

- Latest upstream release

- Add koji to the Requires

* Mon Jul 14 2008 Luke Macken - 0.3.1-1

- New upstream bugfix release

* Wed Jul 2 2008 Luke Macken - 0.3-1

- New upstream release.

* Wed Apr 23 2008 Toshio Kuratomi - 0.2.99.11.1-1

- Fix a crasher bug.

* Wed Apr 23 2008 Toshio Kuratomi - 0.2.99.11-1

- New upstream release.

* Wed Apr 23 2008 Toshio Kuratomi - 0.2.99.10-1

- New upstream release.

su -c 'yum update python-fedora' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory software update Fedora authentication bugfix high priority python-fedora

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 9
Version: 0.3.9
Release: 1.fc9
URL: https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Summary: Python modules for talking to Fedora Infrastructure Services

Topics%20covered

Topics Covered

security advisory software update Fedora authentication bugfix high priority python-fedora

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here