Mercurial Repository: p/roundup/code: doc/CVE.txt history
Feed: http://hg.code.sf.net:8000/p/roundup/code/atom-log/tip/doc/CVE.txt
Updated: 2024-07-09T09:34:13-04:00

docs: set up for release documentation.
http://hg.code.sf.net:8000/p/roundup/code/#changeset-d6b447de4f5909ddac6d22f6dd51e8e4ebd79c5d
John Rouillard <rouilj@ieee.org>, 2024-07-09T09:34:13-04:00
changeset d6b447de4f59
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description docs: set up for release documentation.

Make changes to publish security.html with CVE announcements referring
to the sections in upgrading.html rather than CVE.html.

Remove templates.zip as part of html build in Makefile.

Also update doc for using CVE.html.
files
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
http://hg.code.sf.net:8000/p/roundup/code/#changeset-28aa76443f58bc1605a9933bb4ea4d599c97af5a
John Rouillard <rouilj@ieee.org>, 2024-07-09T09:07:09-04:00
changeset 28aa76443f58
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125

Directions for fixing:

* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.

prior to 2.4.0 release this weekend that fixes the last two CVEs.
files
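The two issue classes named in the commit message above (a Referer header value reflected into HTML, and downloaded SVG/XML/PDF attachments whose embedded JavaScript runs in the tracker's origin) are both reflected-content problems. The following is an added illustration, not Roundup's own code or the fix shipped in 2.4.0 (for that, follow the directions in the project's upgrading.html): it shows the vulnerable interpolation beside its escaped form, and a header set that stops active content in attachments from executing. The function names, the `ACTIVE_CONTENT` list and the sample Referer value are assumptions constructed for the example.

```python
import html
from urllib.parse import quote

# Constructed sample input (not real tracker data): a Referer header value
# carrying a script tag, the shape of input the CVE-2024-39125 note describes.
HOSTILE_REFERER = 'http://tracker.example/issue1"><script>alert(1)</script>'


def back_link_unsafe(referer):
    """Vulnerable pattern (assumed, for illustration): the Referer value is
    interpolated into HTML unescaped, so a script tag in it becomes markup."""
    return '<a href="%s">back</a>' % referer


def back_link_safe(referer):
    """Hardened pattern: HTML-escape the value, quotes included, so the
    header can only ever appear as text inside the attribute."""
    return '<a href="%s">back</a>' % html.escape(referer, quote=True)


# Content types a browser will render rather than just store, and which can
# carry script (SVG and XML directly, PDF via viewer scripting). Assumed list.
ACTIVE_CONTENT = {
    'image/svg+xml', 'text/html', 'application/xhtml+xml',
    'text/xml', 'application/xml', 'application/pdf',
}


def download_headers(filename, content_type):
    """Response headers for serving an issue attachment so that embedded
    JavaScript in SVG/XML/PDF is not executed in the tracker's origin:
    force a download, forbid MIME sniffing, and sandbox anything a browser
    still chooses to render. Illustrative hardening, not the project's fix."""
    disposition = 'inline'
    headers = {
        'Content-Type': content_type,
        # Without this, a browser may sniff e.g. text/xml as HTML/SVG.
        'X-Content-Type-Options': 'nosniff',
    }
    if content_type in ACTIVE_CONTENT:
        disposition = 'attachment'
        # A sandboxed document runs with a unique origin and no script,
        # so even an inline render cannot reach the tracker's cookies.
        headers['Content-Security-Policy'] = 'sandbox'
    # RFC 5987 encoding keeps user-supplied filenames from breaking the header.
    headers['Content-Disposition'] = "%s; filename*=UTF-8''%s" % (
        disposition, quote(filename))
    return headers


if __name__ == '__main__':
    print(back_link_unsafe(HOSTILE_REFERER))
    print(back_link_safe(HOSTILE_REFERER))
    for name, ctype in (('diagram.svg', 'image/svg+xml'),
                        ('photo.png', 'image/png')):
        print(name, download_headers(name, ctype))
```

Escaping at the point of output (as in `back_link_safe`) is the fix for the Referer and classhelper cases; the header set in `download_headers` is defence in depth for attachments, since a tracker cannot sanitize every format it stores. The classhelper XSS listed first in the message is the same escaping problem applied to a different template, which is why it requires changes in each tracker home rather than only in the core package.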