The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5https://admin.fedoraproject.org/updates/rt3-3.6.11-2.el5https://admin.fedoraproject.org/updates/puppet-2.6.6-3.el5https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-…https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-…https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el5https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.5-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
php-pear-Net-Sieve-1.3.2-1.el5
zarafa-7.0.2-1.el5
Details about builds:
================================================================================
php-pear-Net-Sieve-1.3.2-1.el5 (FEDORA-EPEL-2011-4578)
Handles talking to a sieve server
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog:
Version 1.3.2
* Fix referrals if host data or user credentials are passed to connect() and login() instead of the constructor (Aleksander Machniak, Bug #17107).
Version 1.3.1
* Query capabilities again after successful authentication (Jesse Crawford, Request #18382).
* Escape quotes and backslashes in script names, and use literal strings for script names with non-ASCII characters (Aleksander Machniak, Bug #16691).
* Work around broken STARTTLS behavior in Cyrus versions before 2.3.10 (Aleksander Machniak, Bug #18241).
* Improve string literal parsing (Aleksander Machniak, Bug #18228).
Version 1.3.0
* Add debug handler parameter to constructor.
* Fix LOGIN authentication (Agust?n Eijo, Aleksander Machniak, Bug #17527).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 8 2011 Remi Collet <Fedora(a)FamilleCollet.com> 1.3.2-1
- Version 1.3.2 (stable) - API 1.3.0 (stable)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #734484 - LOGIN authentication doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=734484
--------------------------------------------------------------------------------
================================================================================
zarafa-7.0.2-1.el5 (FEDORA-EPEL-2011-4576)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.0.2 Final [29470]
=================================================
Backend
=======
- Improvement ZCP-8012: An option for zarafa-backup which sets the servers to backup in the backup config.
- Fix ZCP-7716: Wrong charset in html body may produce sql error.
- Fix ZCP-7851: IMAP gateway will crash when you select items out of range.
- Fix ZCP-8027: Segfault zarafa-backup with 7.0.0.
- Fix ZCP-8102: Sorting on email address breaks on names with " " (quotes).
- Fix ZCP-8189: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8301: Z-push against 7.0.2 cannot handle uni-code.
- Fix ZCP-8228: Zarafa-msr should validate the destination servers.
- Fix ZCP-8185: Merge translations for 7.0.2.
- Fix ZCP-8266: Merge Zarafa Migration Tool to 7.0 and 6.40 branch.
- Fix ZCP-7890: IMAP email not removed from database on delete.
- Fix ZCP-7916: Possible table failure on SQL deadlock.
- Fix ZCP-7917: Recalc store size script doesn't work on Zarafa database created with 7.
- Fix ZCP-7924: Not all opensource parts of zarafa-archiver are shipped.
- Fix ZCP-7951: LDAP query conflicts sometimes with users/contacts.
- Fix ZCP-7952: LMTP accepts DATA even with no RCPT's.
- Fix ZCP-7978: Password output in debug log of caldav server.
- Fix ZCP-7983: PHP include files of php-ext use mktime() without arguments. This results in PHP error for WebApp.
- Fix ZCP-7987: LMTP may not respond on error.
- Fix ZCP-7997: Small bugs in session locking can cause server-wide problems.
- Fix ZCP-8005: Indexer doesn't index store when one message contains a stream error.
- Fix ZCP-8015: Use epoll for socket dispatching.
- Fix ZCP-8018: Ical uid containing base64 with / character breaks caldav.
- Fix ZCP-8053: Settings unicode strings outside the BMP (above 0x10000) cause database errors.
- Fix ZCP-8054: Correction man page zarafa-admin --hookstore.
- Fix ZCP-8060: Non-MVI columns show MAPI_E_NOT_FOUND for table with MVI expansion.
- Fix ZCP-8063: Config.php.dist in source package contains dos enters.
- Fix ZCP-8069: Company view loses name in gab dropdown for viewable companies.
- Fix ZCP-8073: Make msr log location configurable.
- Fix ZCP-8081: Delegate meeting request only for delegate leaves original email in SMTP queue.
- Fix ZCP-8083: PR_EC_PUBLIC_IPM_SUBTREE_ENTRYID fails to return correct proptag in GetProps().
- Fix ZCP-8094: Add zarafa-msr example config to zarafa-multiserver package.
- Fix ZCP-8096: Document how to Add option to msi installer of zarafa-client, so you can deploy it without autoupdater installed.
- Fix ZCP-8097: Unable to delete company with multi-tenancy and DB plugin.
- Fix ZCP-8118: SQL error after archiving mails attachments.
- Fix ZCP-8120: Set-system-admin fails to set company system admin.
- Fix ZCP-8131: PHP commandline can cause SIGSEGV.
- Fix ZCP-8132: Segfault zarafa-ical 7.0.0-27791.
- Fix ZCP-8134: No description found in the zarafa-admin man page about --user-count.
- Fix ZCP-8150: Zarafa-admin --list-companies tries double free on a user object.
- Fix ZCP-8157: Zarafa-admin --utf8 --create-store --lang "en_US" fails silently.
- Fix ZCP-8161: Zarafa Monitor and stats show 'wrong' information.
- Fix ZCP-8162: Zarafa-backup may incrementally backup items which aren't changed.
- Fix ZCP-8166: Ical-gateway in 7.0.1 crashes, if KDE-Kontact tries to upload the ics-file.
- Fix ZCP-8171: Change [servers] section in msr to be optional, so you need this option in the config.
- Fix ZCP-8178: Iphone splits comma separated names inside doublequotes into two addresses when answering the mail.
- Fix ZCP-8187: Create the upload set for Ubuntu repo for 7.0.
- Fix ZCP-8199: HTML Filter is filtering out lines while it should not.
- Fix ZCP-8206: Pthread_join called twice on the same pthread_t in WSStreamOps::CloseAndGetAsyncResult() and Release().
- Fix ZCP-8212: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8227: Merge Patch for Timezone function used in current webaccess is depricated in php 5.3.
- Fix ZCP-8229: Session stats may lock sessionmanager too long.
- Fix ZCP-8234: Mac Ical 5 does not work with Zarafa.
- Fix ZCP-8246: Zarafa-backup can fail after deleting some folders.
- Fix ZCP-8247: Upgrade of searchfolders restriction data containing high-characters may fail.
- Fix ZCP-8249: Company store size only contains public folder size.
- Fix ZCP-8265: Mac Ical 5 cannot work with non-English stores.
- Fix ZCP-8272: Indexer doesn't delete lockfiles at startup, even though log message says it does.
- Fix ZCP-8274: Messages are still accessible under the old entryid even after a move.
- Fix ZCP-8288: Remove 50% non-active limit, so you can have enough shared mailboxes when using the archiver.
- Fix ZCP-8239: Session stats may lock sessionmanager too long.
- Fix ZCP-8326: Possible 100% cpu usage during QueryRows.
- Fix ZCP-8347: Public calendars do not work with Mac Ical 4.
- Fix ZCP-8370: Mac ical will no show items created in a public calendar.
- Fix ZCP-8369: Zarafa-server won't shutdown with epoll (sometimes).
Webaccess
=========
- Improvement ZCP-8050: Option to hide private emails for delegates(is now linked to the permission "Delegate can see my private items in the delegation menu."
- Fix ZCP-7394: Reading pane setting is not used when pane is already on a folder.
- Fix ZCP-8030: Delegate can't open private appointment with the correct rights.
- Fix ZCP-7680: Open email after second search in Advanced find is not possible.
- Fix ZCP-7928: Create new email window does not close after clicking send.
- Fix ZCP-7931: Trunk fixes for meeting request class to only set ResponseStatus property when user has really processed it.
- Fix ZCP-7937: Fixes to show meeting request details when meeting request is opened in preview.
- Fix ZCP-7938: Backend items to allow Webapp function to Create propose new time dialog.
- Fix ZCP-7939: Backend fixes to create testcases for MeetingRequest class and document it properly.
- Fix ZCP-7940: Fixes show MR details when MR is opened in showmail dialog.
- Fix ZCP-7919: Replying to email (in plain-text) with inline image creates an inline.txt attachment.
- Fix ZCP-7920: Attachments with quote-printable in the middle oof the file name not displayed correctly.
- Fix ZCP-7922: Webaccess still show automatically resource type in meeting request after changing from equipment to shared store.
- Fix ZCP-7948: Opening WebAccess in two tabs creates conflicting Ids in the webclient.
- Fix ZCP-7981: Open shared folder 'Show subfolders' checkbox is untranslatable.
- Fix ZCP-7985: Timezone will create a one hour difference if you change appointment to recurring (BRT -3).
- Fix ZCP-8002: Month and day names are not translated in 7.0.0 when sending task request in finish.
- Fix ZCP-8020: Implementation Username in WebAccess URL.
- Fix ZCP-8032: Organizer wrong in Muc with Secretary rights.
- Fix ZCP-8034: Cannot turn off reminder of an all day occurence.
- Fix ZCP-8066: Inline images are not shown in attachment.
- Fix ZCP-8076: Attachment not in mail when send with Edit as New Message.
- Fix ZCP-8087: Reminders shown are not for the latest occurrence.
- Fix ZCP-8123: Download all attachment will take subject as file name but does not work with unicode.
- Fix ZCP-8136: Webaccess advanced find does not find categorized items.
- Fix ZCP-8138: Zarafa Webaccess 6.40.4 sets the birthday reminder incorrectly.
- Fix ZCP-8151: Outbox counter shows unread messages, not total.
- Fix ZCP-8175: CTRL+ENTER in WA if typing in body / body active in non-IE browsers.
- Fix ZCP-8219: Read receipt pop-up comes over and over again when message was read via Z-push.
- Fix ZCP-8267: Folders in Public folder can't be renamed.
- Fix ZCP-8268: Large location name will go out of the appointment box.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 1 2011 Robert Scheck <robert(a)fedoraproject.org> 7.0.2-1
- Upgrade to 7.0.2 (#717968)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717968 - Zarafa doesn't work as user/group zarafa
https://bugzilla.redhat.com/show_bug.cgi?id=717968
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1https://admin.fedoraproject.org/updates/puppet-2.6.6-3.el6https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el6https://admin.fedoraproject.org/updates/Django-1.2.7-1.el6https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-…https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.5-1.el6https://admin.fedoraproject.org/updates/perl-FCGI-0.71-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
php-pear-Net-Sieve-1.3.2-1.el6
unetbootin-0-10.555bzr.el6
zarafa-7.0.2-1.el6
Details about builds:
================================================================================
php-pear-Net-Sieve-1.3.2-1.el6 (FEDORA-EPEL-2011-4575)
Handles talking to a sieve server
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog:
Version 1.3.2
* Fix referrals if host data or user credentials are passed to connect() and login() instead of the constructor (Aleksander Machniak, Bug #17107).
Version 1.3.1
* Query capabilities again after successful authentication (Jesse Crawford, Request #18382).
* Escape quotes and backslashes in script names, and use literal strings for script names with non-ASCII characters (Aleksander Machniak, Bug #16691).
* Work around broken STARTTLS behavior in Cyrus versions before 2.3.10 (Aleksander Machniak, Bug #18241).
* Improve string literal parsing (Aleksander Machniak, Bug #18228).
Version 1.3.0
* Add debug handler parameter to constructor.
* Fix LOGIN authentication (Agust?n Eijo, Aleksander Machniak, Bug #17527).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 8 2011 Remi Collet <Fedora(a)FamilleCollet.com> 1.3.2-1
- Version 1.3.2 (stable) - API 1.3.0 (stable)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #734484 - LOGIN authentication doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=734484
--------------------------------------------------------------------------------
================================================================================
unetbootin-0-10.555bzr.el6 (FEDORA-EPEL-2011-4577)
Create bootable Live USB drives for a variety of Linux distributions
--------------------------------------------------------------------------------
Update Information:
Update to revision 555.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 1 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 0-10.555bzr
- Update to revision 555.
* Mon May 9 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 0-10.549bzr
- Bump spec.
* Thu Apr 28 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 0-9.549bzr
- Update to revision 549.
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0-9.494bzr
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Oct 15 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 0-8.494bzr
- Update to revision 494.
--------------------------------------------------------------------------------
================================================================================
zarafa-7.0.2-1.el6 (FEDORA-EPEL-2011-4579)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.0.2 Final [29470]
=================================================
Backend
=======
- Improvement ZCP-8012: An option for zarafa-backup which sets the servers to backup in the backup config.
- Fix ZCP-7716: Wrong charset in html body may produce sql error.
- Fix ZCP-7851: IMAP gateway will crash when you select items out of range.
- Fix ZCP-8027: Segfault zarafa-backup with 7.0.0.
- Fix ZCP-8102: Sorting on email address breaks on names with " " (quotes).
- Fix ZCP-8189: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8301: Z-push against 7.0.2 cannot handle uni-code.
- Fix ZCP-8228: Zarafa-msr should validate the destination servers.
- Fix ZCP-8185: Merge translations for 7.0.2.
- Fix ZCP-8266: Merge Zarafa Migration Tool to 7.0 and 6.40 branch.
- Fix ZCP-7890: IMAP email not removed from database on delete.
- Fix ZCP-7916: Possible table failure on SQL deadlock.
- Fix ZCP-7917: Recalc store size script doesn't work on Zarafa database created with 7.
- Fix ZCP-7924: Not all opensource parts of zarafa-archiver are shipped.
- Fix ZCP-7951: LDAP query conflicts sometimes with users/contacts.
- Fix ZCP-7952: LMTP accepts DATA even with no RCPT's.
- Fix ZCP-7978: Password output in debug log of caldav server.
- Fix ZCP-7983: PHP include files of php-ext use mktime() without arguments. This results in PHP error for WebApp.
- Fix ZCP-7987: LMTP may not respond on error.
- Fix ZCP-7997: Small bugs in session locking can cause server-wide problems.
- Fix ZCP-8005: Indexer doesn't index store when one message contains a stream error.
- Fix ZCP-8015: Use epoll for socket dispatching.
- Fix ZCP-8018: Ical uid containing base64 with / character breaks caldav.
- Fix ZCP-8053: Settings unicode strings outside the BMP (above 0x10000) cause database errors.
- Fix ZCP-8054: Correction man page zarafa-admin --hookstore.
- Fix ZCP-8060: Non-MVI columns show MAPI_E_NOT_FOUND for table with MVI expansion.
- Fix ZCP-8063: Config.php.dist in source package contains dos enters.
- Fix ZCP-8069: Company view loses name in gab dropdown for viewable companies.
- Fix ZCP-8073: Make msr log location configurable.
- Fix ZCP-8081: Delegate meeting request only for delegate leaves original email in SMTP queue.
- Fix ZCP-8083: PR_EC_PUBLIC_IPM_SUBTREE_ENTRYID fails to return correct proptag in GetProps().
- Fix ZCP-8094: Add zarafa-msr example config to zarafa-multiserver package.
- Fix ZCP-8096: Document how to Add option to msi installer of zarafa-client, so you can deploy it without autoupdater installed.
- Fix ZCP-8097: Unable to delete company with multi-tenancy and DB plugin.
- Fix ZCP-8118: SQL error after archiving mails attachments.
- Fix ZCP-8120: Set-system-admin fails to set company system admin.
- Fix ZCP-8131: PHP commandline can cause SIGSEGV.
- Fix ZCP-8132: Segfault zarafa-ical 7.0.0-27791.
- Fix ZCP-8134: No description found in the zarafa-admin man page about --user-count.
- Fix ZCP-8150: Zarafa-admin --list-companies tries double free on a user object.
- Fix ZCP-8157: Zarafa-admin --utf8 --create-store --lang "en_US" fails silently.
- Fix ZCP-8161: Zarafa Monitor and stats show 'wrong' information.
- Fix ZCP-8162: Zarafa-backup may incrementally backup items which aren't changed.
- Fix ZCP-8166: Ical-gateway in 7.0.1 crashes, if KDE-Kontact tries to upload the ics-file.
- Fix ZCP-8171: Change [servers] section in msr to be optional, so you need this option in the config.
- Fix ZCP-8178: Iphone splits comma separated names inside doublequotes into two addresses when answering the mail.
- Fix ZCP-8187: Create the upload set for Ubuntu repo for 7.0.
- Fix ZCP-8199: HTML Filter is filtering out lines while it should not.
- Fix ZCP-8206: Pthread_join called twice on the same pthread_t in WSStreamOps::CloseAndGetAsyncResult() and Release().
- Fix ZCP-8212: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8227: Merge Patch for Timezone function used in current webaccess is depricated in php 5.3.
- Fix ZCP-8229: Session stats may lock sessionmanager too long.
- Fix ZCP-8234: Mac Ical 5 does not work with Zarafa.
- Fix ZCP-8246: Zarafa-backup can fail after deleting some folders.
- Fix ZCP-8247: Upgrade of searchfolders restriction data containing high-characters may fail.
- Fix ZCP-8249: Company store size only contains public folder size.
- Fix ZCP-8265: Mac Ical 5 cannot work with non-English stores.
- Fix ZCP-8272: Indexer doesn't delete lockfiles at startup, even though log message says it does.
- Fix ZCP-8274: Messages are still accessible under the old entryid even after a move.
- Fix ZCP-8288: Remove 50% non-active limit, so you can have enough shared mailboxes when using the archiver.
- Fix ZCP-8239: Session stats may lock sessionmanager too long.
- Fix ZCP-8326: Possible 100% cpu usage during QueryRows.
- Fix ZCP-8347: Public calendars do not work with Mac Ical 4.
- Fix ZCP-8370: Mac ical will no show items created in a public calendar.
- Fix ZCP-8369: Zarafa-server won't shutdown with epoll (sometimes).
Webaccess
=========
- Improvement ZCP-8050: Option to hide private emails for delegates(is now linked to the permission "Delegate can see my private items in the delegation menu."
- Fix ZCP-7394: Reading pane setting is not used when pane is already on a folder.
- Fix ZCP-8030: Delegate can't open private appointment with the correct rights.
- Fix ZCP-7680: Open email after second search in Advanced find is not possible.
- Fix ZCP-7928: Create new email window does not close after clicking send.
- Fix ZCP-7931: Trunk fixes for meeting request class to only set ResponseStatus property when user has really processed it.
- Fix ZCP-7937: Fixes to show meeting request details when meeting request is opened in preview.
- Fix ZCP-7938: Backend items to allow Webapp function to Create propose new time dialog.
- Fix ZCP-7939: Backend fixes to create testcases for MeetingRequest class and document it properly.
- Fix ZCP-7940: Fixes show MR details when MR is opened in showmail dialog.
- Fix ZCP-7919: Replying to email (in plain-text) with inline image creates an inline.txt attachment.
- Fix ZCP-7920: Attachments with quote-printable in the middle oof the file name not displayed correctly.
- Fix ZCP-7922: Webaccess still show automatically resource type in meeting request after changing from equipment to shared store.
- Fix ZCP-7948: Opening WebAccess in two tabs creates conflicting Ids in the webclient.
- Fix ZCP-7981: Open shared folder 'Show subfolders' checkbox is untranslatable.
- Fix ZCP-7985: Timezone will create a one hour difference if you change appointment to recurring (BRT -3).
- Fix ZCP-8002: Month and day names are not translated in 7.0.0 when sending task request in finish.
- Fix ZCP-8020: Implementation Username in WebAccess URL.
- Fix ZCP-8032: Organizer wrong in Muc with Secretary rights.
- Fix ZCP-8034: Cannot turn off reminder of an all day occurence.
- Fix ZCP-8066: Inline images are not shown in attachment.
- Fix ZCP-8076: Attachment not in mail when send with Edit as New Message.
- Fix ZCP-8087: Reminders shown are not for the latest occurrence.
- Fix ZCP-8123: Download all attachment will take subject as file name but does not work with unicode.
- Fix ZCP-8136: Webaccess advanced find does not find categorized items.
- Fix ZCP-8138: Zarafa Webaccess 6.40.4 sets the birthday reminder incorrectly.
- Fix ZCP-8151: Outbox counter shows unread messages, not total.
- Fix ZCP-8175: CTRL+ENTER in WA if typing in body / body active in non-IE browsers.
- Fix ZCP-8219: Read receipt pop-up comes over and over again when message was read via Z-push.
- Fix ZCP-8267: Folders in Public folder can't be renamed.
- Fix ZCP-8268: Large location name will go out of the appointment box.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 1 2011 Robert Scheck <robert(a)fedoraproject.org> 7.0.2-1
- Upgrade to 7.0.2 (#717968)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717968 - Zarafa doesn't work as user/group zarafa
https://bugzilla.redhat.com/show_bug.cgi?id=717968
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1https://admin.fedoraproject.org/updates/puppet-2.6.6-3.el6https://admin.fedoraproject.org/updates/Django-1.2.7-1.el6https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-…https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el6https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.5-1.el6https://admin.fedoraproject.org/updates/perl-FCGI-0.71-4.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
Django-1.2.7-1.el6
drupal6-pathauto-2.0-0.4.rc2.el6
facter-1.6.1-1.el6
firebird-2.5.1.26349.O-1.el6
gromacs-4.5.5-1.el6
puppet-2.6.6-3.el6
python-asciitable-0.7.1-1.el6
Details about builds:
================================================================================
Django-1.2.7-1.el6 (FEDORA-EPEL-2011-4574)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Previous update actually misses several patches related to the security vulnerabilities it intended to address
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Michel Salim <salimma(a)fedoraproject.org> - 1.2.7-1
- Update to 1.2.7, properly fixing security flaws (# 737366)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #742466 - Django: v1.3.1, v1.2.7 multiple security flaws [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=742466
--------------------------------------------------------------------------------
================================================================================
drupal6-pathauto-2.0-0.4.rc2.el6 (FEDORA-EPEL-2011-4569)
Automatically generates path aliases
--------------------------------------------------------------------------------
Update Information:
Updated to 2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Peter Borsa <asrob@claire> - 2.0-0.4.rc2
- Updated to 2.0 version.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
facter-1.6.1-1.el6 (FEDORA-EPEL-2011-4571)
Ruby module for collecting simple facts about a host operating system
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release. Refer to the release announcement for full details:
http://groups.google.com/group/puppet-users/browse_thread/thread/d2061ec626…
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Todd Zullinger <tmz(a)pobox.com> - 1.6.1-1
- Update to 1.6.1
- Minor spec file reformatting
--------------------------------------------------------------------------------
================================================================================
firebird-2.5.1.26349.O-1.el6 (FEDORA-EPEL-2011-4570)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
- new upstream (bug fix release)
- added patch from upstream to fix Firebird CORE-3610
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Philippe Makowski <makowski(a)fedoraproject.org> 2.5.1.26349.0-1
- new upstream (bug fix release)
- added patch from upstream to fix Firebird CORE-3610
--------------------------------------------------------------------------------
================================================================================
gromacs-4.5.5-1.el6 (FEDORA-EPEL-2011-4564)
Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
Bugfix update to 4.5.5, see http://lists.gromacs.org/pipermail/gmx-users/2011-September/064683.html for release info.
First build in EL6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739875 - gromacs-4.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=739875
[ 2 ] Bug #739212 - EL-6 branch is missing
https://bugzilla.redhat.com/show_bug.cgi?id=739212
--------------------------------------------------------------------------------
================================================================================
puppet-2.6.6-3.el6 (FEDORA-EPEL-2011-4568)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
The following vulnerabilities have been discovered and fixed:
* CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file
* CVE-2011-3869, a symlink attack via a user's .k5login file
* CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application
* A low-risk file indirector injection attack
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46…
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-3
- Apply upstream patches for CVE-2011-3869, CVE-2011-3870, CVE-2011-3871, and
upstream #9793
* Tue Sep 27 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------
================================================================================
python-asciitable-0.7.1-1.el6 (FEDORA-EPEL-2011-4560)
Extensible ASCII table reader and writer
--------------------------------------------------------------------------------
Update Information:
This is a minor feature and bug-fix release
* Add a method inconsistent_handler() to the BaseReader class as a hook to handle rows with an inconsistent number of data columns (contributed by Erik Tollerud).
* Output a more informative error message when guessing fails.
* Fix issues in column type handling, mostly related to the MemoryReader class which is used for writing tables.
* Fix a problem in guessing where user-supplied args were not filtering the guess possibilities correctly.
* Fix problem reading a single column, string-only table with MemoryReader on MacOS.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Sergio Pascual <sergiopr(a)fedoraproject.org> - 0.7.1-1
- New upstream version, with bugfixes
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5https://admin.fedoraproject.org/updates/rt3-3.6.11-2.el5https://admin.fedoraproject.org/updates/puppet-2.6.6-3.el5https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-…https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-…https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el5https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.5-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal6-pathauto-2.0-0.4.rc2.el5
facter-1.6.1-1.el5
gromacs-4.5.5-1.el5
netatalk-2.0.5-3.el5
puppet-2.6.6-3.el5
python-asciitable-0.7.1-1.el5
Details about builds:
================================================================================
drupal6-pathauto-2.0-0.4.rc2.el5 (FEDORA-EPEL-2011-4563)
Automatically generates path aliases
--------------------------------------------------------------------------------
Update Information:
Updated to 2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Peter Borsa <asrob@claire> - 2.0-0.4.rc2
- Updated to 2.0 version.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
facter-1.6.1-1.el5 (FEDORA-EPEL-2011-4572)
Ruby module for collecting simple facts about a host operating system
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release. Refer to the release announcement for full details:
http://groups.google.com/group/puppet-users/browse_thread/thread/d2061ec626…
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Todd Zullinger <tmz(a)pobox.com> - 1.6.1-1
- Update to 1.6.1
- Minor spec file reformatting
--------------------------------------------------------------------------------
================================================================================
gromacs-4.5.5-1.el5 (FEDORA-EPEL-2011-4562)
Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:
Bugfix update to 4.5.5, see http://lists.gromacs.org/pipermail/gmx-users/2011-September/064683.html for release info.
First build in EL6.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 4.5.5-1
- Update to 4.5.5.
* Wed Jun 8 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 4.5.4-1
- Update to 4.5.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739875 - gromacs-4.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=739875
[ 2 ] Bug #739212 - EL-6 branch is missing
https://bugzilla.redhat.com/show_bug.cgi?id=739212
--------------------------------------------------------------------------------
================================================================================
netatalk-2.0.5-3.el5 (FEDORA-EPEL-2011-4567)
AppleTalk networking programs
--------------------------------------------------------------------------------
Update Information:
rebuild with libcrypt
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Jiri Skala <jskala(a)redhat.com> - 4:2.0.5-3
- rebuild for bodhi
* Fri Jul 22 2011 Jiri Skala <jskala(a)redhat.com> - 4:2.0.5-2
- add option --with-libcrypt
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #731217 - DHX2 UAMS support in Netatalk
https://bugzilla.redhat.com/show_bug.cgi?id=731217
--------------------------------------------------------------------------------
================================================================================
puppet-2.6.6-3.el5 (FEDORA-EPEL-2011-4573)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
The following vulnerabilities have been discovered and fixed:
* CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file
* CVE-2011-3869, a symlink attack via a user's .k5login file
* CVE-2011-3871, a privilege escalation attack via the temp file used by the puppet resource application
* A low-risk file indirector injection attack
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46…
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740f…
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 29 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-3
- Apply upstream patches for CVE-2011-3869, CVE-2011-3870, CVE-2011-3871, and
upstream #9793
* Tue Sep 27 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------
================================================================================
python-asciitable-0.7.1-1.el5 (FEDORA-EPEL-2011-4566)
Extensible ASCII table reader and writer
--------------------------------------------------------------------------------
Update Information:
This is a minor feature and bug-fix release
* Add a method inconsistent_handler() to the BaseReader class as a hook to handle rows with an inconsistent number of data columns (contributed by Erik Tollerud).
* Output a more informative error message when guessing fails.
* Fix issues in column type handling, mostly related to the MemoryReader class which is used for writing tables.
* Fix a problem in guessing where user-supplied args were not filtering the guess possibilities correctly.
* Fix problem reading a single column, string-only table with MemoryReader on MacOS.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 30 2011 Sergio Pascual <sergiopr(a)fedoraproject.org> - 0.7.1-1
- New upstream version, with bugfixes
--------------------------------------------------------------------------------