<!DOCTYPE html>
<html>
<head>
</head>
<body style='font: 12pt Roboto, "DejaVu Sans", Arial; margin-left: 5px; margin-right: 5px;'>
<div id="entry">
<h1 style='font: 12pt Roboto, "DejaVu Sans", Arial; display:block; background: #c0cf88; border-bottom: solid 3px #573; padding: 5px; margin-top: 0px; color: #573;'><a href="https://kallithea-scm.org/repos/kallithea/changeset/81057be7a5c10e1cd08d32c923468e41cf417ed1" style="text-decoration: none; font-weight: bold; color: #573;">auth: properly invoke PermFunctions (CVE-2016-3114) This fixes a vulnerability that allowed logged-in users to edit or delete open pull requests associated ...</a></h1>
<div id="body">
kwi committed on 2016-04-19 14:57:38<br />branch: stable<br />changeset: <a href="https://kallithea-scm.org/repos/kallithea/changeset/81057be7a5c10e1cd08d32c923468e41cf417ed1">81057be7</a><pre>auth: properly invoke PermFunctions (CVE-2016-3114)
This fixes a vulnerability that allowed logged-in users to edit or
delete open pull requests associated with any repository to which
they had read access, plus a related vulnerability allowing logged-in
users to delete any comment from any repository, provided they could
determine the comment ID and had read access to just one repository.
M kallithea/controllers/changeset.py (4 lines added, 4 lines removed)
M kallithea/controllers/pullrequests.py (2 lines added, 2 lines removed)</pre>
</div>
</div>
</div>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
</head>
<body style='font: 12pt Roboto, "DejaVu Sans", Arial; margin-left: 5px; margin-right: 5px;'>
<div id="entry">
<h1 style='font: 12pt Roboto, "DejaVu Sans", Arial; display:block; background: #c0cf88; border-bottom: solid 3px #573; padding: 5px; margin-top: 0px; color: #573;'><a href="https://kallithea-scm.org/repos/kallithea/changeset/9b74296e6af624023970d8634e804b76ed2dd2b4" style="text-decoration: none; font-weight: bold; color: #573;">auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691) Routes allows GET requests to override the HTTP method, which breaks the Kallithea CSRF ...</a></h1>
<div id="body">
kwi committed on 2016-04-19 16:02:56<br />branch: stable<br />changeset: <a href="https://kallithea-scm.org/repos/kallithea/changeset/9b74296e6af624023970d8634e804b76ed2dd2b4">9b74296e</a><pre>auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)
Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).
This commit blocks such GET request, preventing CSRF attacks.
M kallithea/lib/auth.py (10 lines added, 0 lines removed)</pre>
</div>
</div>
</div>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
</head>
<body style='font: 12pt Roboto, "DejaVu Sans", Arial; margin-left: 5px; margin-right: 5px;'>
<div id="entry">
<h1 style='font: 12pt Roboto, "DejaVu Sans", Arial; display:block; background: #c0cf88; border-bottom: solid 3px #573; padding: 5px; margin-top: 0px; color: #573;'><a href="https://kallithea-scm.org/repos/kallithea/changeset/a84d40e9481fcea4dafadee86b03f0dd401527d6" style="text-decoration: none; font-weight: bold; color: #573;">release: 0.3.2</a></h1>
<div id="body">
andrewsh committed on 2016-05-02 16:52:41<br />branch: stable<br />tag: 0.3.2<br />changeset: <a href="https://kallithea-scm.org/repos/kallithea/changeset/a84d40e9481fcea4dafadee86b03f0dd401527d6">a84d40e9</a><pre>release: 0.3.2
M kallithea/__init__.py (1 lines added, 1 lines removed)</pre>
</div>
</div>
</div>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
</head>
<body style='font: 12pt Roboto, "DejaVu Sans", Arial; margin-left: 5px; margin-right: 5px;'>
<div id="entry">
<h1 style='font: 12pt Roboto, "DejaVu Sans", Arial; display:block; background: #c0cf88; border-bottom: solid 3px #573; padding: 5px; margin-top: 0px; color: #573;'><a href="https://kallithea-scm.org/repos/kallithea/changeset/f40905c3257c7e0a2c1b579f9d08303e0781cb47" style="text-decoration: none; font-weight: bold; color: #573;">Added tag 0.3.2 for changeset a84d40e9481f Added signature for changeset a84d40e9481f</a></h1>
<div id="body">
andrewsh committed on 2016-05-02 16:54:04<br />branch: stable<br />tag: tip<br />changeset: <a href="https://kallithea-scm.org/repos/kallithea/changeset/f40905c3257c7e0a2c1b579f9d08303e0781cb47">f40905c3</a><pre>Added tag 0.3.2 for changeset a84d40e9481f
Added signature for changeset a84d40e9481f
M .hgsigs (1 lines added, 0 lines removed)
M .hgtags (1 lines added, 1 lines removed)</pre>
</div>
</div>
</div>
</body>
</html>