openSUSE has issued an advisory today (October 29): https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html The issue is fixed upstream in 5.6.
Fixed by Neal in openSUSE in this commit: https://build.opensuse.org/request/show/839353
Status comment: (none) => Fixed upstream in 5.6
Assignee: bugsquad => ngompa13
I've uploaded a fixed version to updates-testing for Mageia 7. This has been fixed in Cauldron for a while now, so there was nothing to do there...

Suggested advisory:
========================

Updated pagure packages fix security vulnerabilities:

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11556
https://bugzilla.suse.com/show_bug.cgi?id=1176987
https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318
========================

Updated packages in core/updates_testing:
========================
pagure-5.5-1.1.mga7
pagure-theme-pagureio-5.5-1.1.mga7
pagure-theme-srcfpo-5.5-1.1.mga7
pagure-theme-chameleon-5.5-1.1.mga7
pagure-milters-5.5-1.1.mga7
pagure-ev-5.5-1.1.mga7
pagure-webhook-5.5-1.1.mga7
pagure-ci-5.5-1.1.mga7
pagure-logcom-5.5-1.1.mga7
pagure-loadjson-5.5-1.1.mga7
pagure-mirror-5.5-1.1.mga7

Source RPMs:
pagure-5.5-1.1.mga7.src.rpm
Assignee: ngompa13 => qa-bugs
CC: (none) => mageia
Status comment: Fixed upstream in 5.6 => (none)
MGA7-64 MATE on Peaq C1011
No installation issues.
No previous updates, so looking for info, found https://pagure.io/pagure. Seems like a lot of fun for knowledgeable people.
Just tried to launch from CLI, but trouble:

$ pagure-admin
Using configuration file `/etc/pagure/pagure.cfg`
Error: 'Namespace' object has no attribute 'func'
ERROR:root:Generic error catched:
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/pagure/cli/admin.py", line 1034, in main
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'
CC: (none) => herman.viaene