[SECURITY] Fedora EPEL 5 Update: rubygem-activesupport-2.1.1-2.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0500
2009-09-22 21:52:04
--------------------------------------------------------------------------------
Name : rubygem-activesupport
Product : Fedora EPEL 5
Version : 2.1.1
Release : 2.el5
URL : http://www.rubyonrails.org
Summary : Support and utility classes used by the Rails framework
Description :
Utility library which carries commonly used classes and
goodies from the Rails framework
--------------------------------------------------------------------------------
Update Information:
A vulnerability is found on Ruby on Rails in the escaping code for the form
helpers, which also affects the rpms shipped in Fedora Project. Attackers who
can inject deliberately malformed unicode strings into the form helpers can
defeat the escaping checks and inject arbitrary HTML. This issue has been tagged
as CVE-2009-3009. These new rpms will fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=520843
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update rubygem-activesupport' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
[SECURITY] Fedora EPEL 5 Update: rubygem-actionpack-2.1.1-3.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0500
2009-09-22 21:52:04
--------------------------------------------------------------------------------
Name : rubygem-actionpack
Product : Fedora EPEL 5
Version : 2.1.1
Release : 3.el5
URL : http://www.rubyonrails.org
Summary : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.
--------------------------------------------------------------------------------
Update Information:
A vulnerability is found on Ruby on Rails in the escaping code for the form
helpers, which also affects the rpms shipped in Fedora Project. Attackers who
can inject deliberately malformed unicode strings into the form helpers can
defeat the escaping checks and inject arbitrary HTML. This issue has been tagged
as CVE-2009-3009. These new rpms will fix this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=520843
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update rubygem-actionpack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 4 Update: glew-1.5.1-3.el4.1
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0417
2009-09-08 22:25:30
--------------------------------------------------------------------------------
Name : glew
Product : Fedora EPEL 4
Version : 1.5.1
Release : 3.el4.1
URL : http://glew.sourceforge.net
Summary : The OpenGL Extension Wrangler Library
Description :
The OpenGL Extension Wrangler Library (GLEW) is a cross-platform C/C++
extension loading library. GLEW provides efficient run-time mechanisms for
determining which OpenGL extensions are supported on the target platform.
OpenGL core and extension functionality is exposed in a single header file.
GLEW is available for a variety of operating systems, including Windows, Linux,
Mac OS X, FreeBSD, Irix, and Solaris.
--------------------------------------------------------------------------------
Update Information:
The OpenGL Extension Wrangler Library (GLEW) is a cross-platform C/C++ extension
loading library. GLEW provides efficient run-time mechanisms for determining
which OpenGL extensions are supported on the target platform. OpenGL core and
extension functionality is exposed in a single header file. GLEW is available
for a variety of operating systems, including Windows, Linux, Mac OS X, FreeBSD,
Irix, and Solaris.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update glew' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 5 Update: glew-1.5.1-3.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0411
2009-09-08 22:25:13
--------------------------------------------------------------------------------
Name : glew
Product : Fedora EPEL 5
Version : 1.5.1
Release : 3.el5
URL : http://glew.sourceforge.net
Summary : The OpenGL Extension Wrangler Library
Description :
The OpenGL Extension Wrangler Library (GLEW) is a cross-platform C/C++
extension loading library. GLEW provides efficient run-time mechanisms for
determining which OpenGL extensions are supported on the target platform.
OpenGL core and extension functionality is exposed in a single header file.
GLEW is available for a variety of operating systems, including Windows, Linux,
Mac OS X, FreeBSD, Irix, and Solaris.
--------------------------------------------------------------------------------
Update Information:
The OpenGL Extension Wrangler Library (GLEW) is a cross-platform C/C++ extension
loading library. GLEW provides efficient run-time mechanisms for determining
which OpenGL extensions are supported on the target platform. OpenGL core and
extension functionality is exposed in a single header file. GLEW is available
for a variety of operating systems, including Windows, Linux, Mac OS X, FreeBSD,
Irix, and Solaris.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update glew' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 5 Update: proftpd-1.3.2a-5.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0397
2009-09-08 22:24:28
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora EPEL 5
Version : 1.3.2a
Release : 5.el5
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behaviour of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
This update has a large number of changes from previous Fedora packages; the
highlights are as follows: - Update to upstream release 1.3.2a - Fix SELinux
compatibility (#498375) - Fix audit logging (#506735) - Fix default
configuration (#509251) - Many new loadable modules including mod_ctrls_admin,
mod_wrap2, and mod_exec (#520214) - National Language Support (RFC 2640) -
Enable/disable common features in /etc/sysconfig/proftpd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #498375 - Selinux prevents access to /var/run/proftpd.score
https://bugzilla.redhat.com/show_bug.cgi?id=498375
[ 2 ] Bug #520214 - Build mod_exec for proftpd
https://bugzilla.redhat.com/show_bug.cgi?id=520214
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 4 Update: mpich2-1.1.1p1-1.el4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0392
2009-09-03 23:06:01
--------------------------------------------------------------------------------
Name : mpich2
Product : Fedora EPEL 4
Version : 1.1.1p1
Release : 1.el4
URL : http://www.mcs.anl.gov/research/projects/mpich2
Summary : A high-performance implementation of MPI
Description :
MPICH2 is a high-performance and widely portable implementation of the
MPI standard. This release has all MPI-2.1 functions and features
required by the standard with the exeption of support for the
"external32" portable I/O format.
The mpich2 binaries in Fedora were configured to use the default
process manager 'MPD' using the default device 'ch3'. The ch3 device
was configured with support for the nemesis channel that allows for
shared-memory and TCP/IP sockets based communication.
The Fedora builds also include support for using '/usr/sbin/alternatives'
and/or the 'module environment' to select which MPI implementation to use
when multiple implementations are installed.
--------------------------------------------------------------------------------
Update Information:
Initial build for EPEL4 and an update for EPEL5
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mpich2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 4 Update: o3read-0.0.4-4.el4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0374
2009-08-31 22:20:52
--------------------------------------------------------------------------------
Name : o3read
Product : Fedora EPEL 4
Version : 0.0.4
Release : 4.el4
URL : http://siag.nu/o3read/
Summary : Standalone converter for OpenOffice.org documents
Description :
o3read is a standalone converter for the OpenOffice.org writer and calc
documents to text, html, and a dump of the parse tree.
It doesn't depend on Open Office or any other external tools or libraries.
--------------------------------------------------------------------------------
Update Information:
Initial o3read builds for EPEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #513570 - Please build latest o3read for EPEL 4 and 5
https://bugzilla.redhat.com/show_bug.cgi?id=513570
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update o3read' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 5 Update: emacs-verilog-mode-531-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0399
2009-09-08 22:24:38
--------------------------------------------------------------------------------
Name : emacs-verilog-mode
Product : Fedora EPEL 5
Version : 531
Release : 1.el5
URL : http://www.veripool.org/wiki/verilog-mode/
Summary : Verilog mode for Emacs
Description :
Verilog-mode.el is a free Verilog mode for Emacs
which provides context-sensitive highlighting,
auto indenting, and provides macro expansion
capabilities to greatly reduce Verilog coding time.
--------------------------------------------------------------------------------
Update Information:
fixes broken dependency
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update emacs-verilog-mode' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 5 Update: xine-ui-0.99.5-16.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0393
2009-09-03 23:06:03
--------------------------------------------------------------------------------
Name : xine-ui
Product : Fedora EPEL 5
Version : 0.99.5
Release : 16.el5
URL : http://www.xine-project.org/
Summary : A skinned xlib-based gui for xine-lib
Description :
xine-ui is the traditional, skinned GUI for xine-lib.
--------------------------------------------------------------------------------
Update Information:
Moved the splash screen file to the main package from the -skins package.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update xine-ui' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months
Fedora EPEL 5 Update: python-markdown2-1.0.1.13-3.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0386
2009-09-03 23:05:49
--------------------------------------------------------------------------------
Name : python-markdown2
Product : Fedora EPEL 5
Version : 1.0.1.13
Release : 3.el5
URL : http://code.google.com/p/python-markdown2/
Summary : A fast and complete Python implementation of Markdown
Description :
Markdown is a text-to-HTML filter; it translates an easy-to-read /
easy-to-write structured text format into HTML. Markdown's text format
is most similar to that of plain text email, and supports features
such as headers, emphasis, code blocks, blockquotes, and links.
This is a fast and complete Python implementation of the Markdown
spec.
For information about markdown itself, see
http://daringfireball.net/projects/markdown/
--------------------------------------------------------------------------------
Update Information:
New package: This is a fast and complete Python implementation of the
Markdown spec. Markdown is a text-to-HTML filter; it translates an easy-to-
read / easy-to-write structured text format into HTML. Markdown's text format is
most similar to that of plain text email, and supports features such as headers,
emphasis, code blocks, blockquotes, and links.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #461692 - Review Request: python-markdown2 - A fast and complete Python implementation of Markdown
https://bugzilla.redhat.com/show_bug.cgi?id=461692
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-markdown2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years, 7 months