[Bug 445018] Review Request: python-beaker - WSGI middleware for sessions

bugzilla at redhat.com bugzilla at redhat.com
Sat May 10 21:03:34 UTC 2008


Summary: Review Request: python-beaker - WSGI middleware for sessions


https://bugzilla.redhat.com/show_bug.cgi?id=445018





------- Additional Comments From felix.schwarz at oss.schwarz.eu  2008-05-10 17:03 EST -------

There are some problems with your submission:
First of all, please update the package to 0.9.4, as 0.9.3 contains a remotely
exploitable bug (allows overwriting arbitrary files, manipulating the
application's session and, last but not least, remote code execution; see
http://groups.google.com/group/turbogears/browse_thread/thread/0f1079fb982c549b
for more details).

Furthermore there are some problems with your spec file:
$ rpmlint python-beaker-0.9.3-1.fc8.src.rpm 
python-beaker.src: W: summary-ended-with-dot WSGI middleware layer to provide sessions.

Please fix this (and ensure that rpmlint does not complain about other things).

Manual inspection of the spec file revealed another issue:
"Source0: http://pypi.python.org/packages/source/B/Beaker-%{version}.tar.gz"

This URL is not valid:
http://pypi.python.org/packages/source/B/Beaker-0.9.3.tar.gz does not exist.



