| Summary: | transifex-client 0.13.4 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | RPM Packages | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | filip.komar, rverschelde, sysadmin-bugs, yurchor |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK | | |
| Source RPM: | transifex-client-0.12.4-1.mga6 | CVE: | |
| Status comment: | | | |

Description

David Walser 2018-07-17 15:20:32 CEST

David Walser 2018-07-17 15:20:49 CEST

Whiteboard: (none) => MGA6TOO

I wonder if it wasn't tagged "security" by mistake. The only commit in 0.13.4 that could relate to a potential security issue is https://github.com/transifex/transifex-client/commit/80414a6e98a7b2522e3685ae7af83bf13605a27d

Maybe they used to accept any kind of file and that could be used to target their server somehow.

At any rate I was working on an update to 0.13.3 in bug 23033, so I'll move to 0.13.4 here.

0.13.4 pushed to Cauldron and 6 core/updates_testing. The Mageia 6 update comes with python-slugify which is a new dependency.

I still can't really see this commit 80414a6 as fixing an actual security vulnerability, so I'd propose to downgrade this bug report to a simple bugfix. But I'll let you decide David.

Advisory:
=========

Updated transifex-client package to support transifex.com features

This update brings the latest stable version of transifex-client to Mageia 6, allowing users to benefit from bug fixes and new features to use together with the transifex.com API. See the listed changelogs for details.

References:
- https://github.com/transifex/transifex-client/releases/tag/0.12.5
- https://github.com/transifex/transifex-client/releases/tag/0.13.0
- https://github.com/transifex/transifex-client/releases/tag/0.13.1
- https://github.com/transifex/transifex-client/releases/tag/0.13.2
- https://github.com/transifex/transifex-client/releases/tag/0.13.3
- https://github.com/transifex/transifex-client/releases/tag/0.13.4

RPMs in core/updates_testing:
=============================
python2-slugify-1.2.5-1.mga6.noarch
python3-slugify-1.2.5-1.mga6.noarch
transifex-client-0.13.4-1.mga6.noarch

SRPMs in core/updates_testing:
==============================
python-slugify-1.2.5-1.mga6
transifex-client-0.13.4-1.mga6

CC Filip and Yuri to help testing it as they use tx-client for Mageia translations.

To install the update candidate, you can use `urpmi --searchmedia testing transifex-client`.

Version: Cauldron => 6

Yeah it could have been marked security by mistake. It happens sometimes.

Component: Security => RPM Packages

I've pushed a transifex-client-0.13.4-1.1.mga6 with an additional fix, as the upstream version had a spammy warning message which should only be an info message (https://github.com/transifex/transifex-client/issues/237).

RPMs in core/updates_testing:
=============================
python2-slugify-1.2.5-1.mga6.noarch
python3-slugify-1.2.5-1.mga6.noarch
transifex-client-0.13.4-1.1.mga6.noarch

SRPMs in core/updates_testing:
==============================
python-slugify-1.2.5-1.mga6
transifex-client-0.13.4-1.1.mga6

Tested successfully on Mageia 6 x86_64.

Source RPM: transifex-client-0.13.3-1.mga7.src.rpm => transifex-client-0.12.4-1.mga6

Advisory uploaded, validating.

Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2018-0133.html

Resolution: (none) => FIXED