[SECURITY] Fedora 9 Update: roundcubemail-0.2-7.stable.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1256
2009-02-05 01:16:29
--------------------------------------------------------------------------------
Name : roundcubemail
Product : Fedora 9
Version : 0.2
Release : 7.stable.fc9
URL : http://www.roundcube.net
Summary : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client
with an application-like user interface. It provides full
functionality you expect from an e-mail client, including MIME
support, address book, folder manipulation, message searching
and spell checking. RoundCube Webmail is written in PHP and
requires the MySQL database or the PostgreSQL database. The user
interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.2 stable Following security fix is included as well: Common
Vulnerabilities and Exposures assigned an identifier CVE-2009-0413 to the
following vulnerability: Cross-site scripting (XSS) vulnerability in
RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject
arbitrary web script or HTML via the background attribute embedded in an HTML
e-mail message. References: http://cve.mitre.org/cgi-
bin/cvename.cgi?name=CVE-2009-0413 http://trac.roundcube.net/changeset/2245
http://www.securityfocus.com/bid/33372 http://secunia.com/advisories/33622
http://xforce.iss.net/xforce/xfdb/48129
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 4 2009 Jon Ciesla <limb(a)jcomserv.net> = 0.2-7.stable
- Patch for CVE-2009-0413, BZ 484052.
* Mon Jan 5 2009 Jon Ciesla <limb(a)jcomserv.net> = 0.2-6.stable
- New upstream.
- Dropped two most recent patches, applied upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #484052 - CVE-2009-0413 roundcubemail: Remotely exploitable web script or HTML code injection vulnerability via the background attribute embedded in an HTML e-mail message (XSS)
https://bugzilla.redhat.com/show_bug.cgi?id=484052
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update roundcubemail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: bzrtools-1.11.0-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0864
2009-01-21 20:36:07
--------------------------------------------------------------------------------
Name : bzrtools
Product : Fedora 10
Version : 1.11.0
Release : 1.fc10
URL : http://bazaar-vcs.org/BzrTools
Summary : A collection of utilities and plugins for Bazaar-NG
Description :
BzrTools is a collection of plugins for Bazaar-NG (bzr). Among the included
plugins are:
* rspush - uses rsync to push local changes to a remote server
* annotate - prints a file annotated with the revision next to each line
* baz-import - (Requres PyBaz) import an arch archive losslessly into bzr
* shelve/unshelve - allows you to undo some changes, commit, and restore
* clean-tree - remove unknown, ignored-junk, or unversioned files from the tree
* graph-ancestry - use dot to produce banch ancestry graphs
* shell - a bzr command interpreter with command completion
* patch - apply a patch to your tree from a file or URL
--------------------------------------------------------------------------------
Update Information:
improving interoperability with Windows users (case-insensitive filesystems) and
fixing a number of minor bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 19 2009 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 1.11.0-1
- Update to 1.11.0
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bzrtools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: bzr-1.11-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0864
2009-01-21 20:36:07
--------------------------------------------------------------------------------
Name : bzr
Product : Fedora 10
Version : 1.11
Release : 1.fc10
URL : http://www.bazaar-vcs.org/
Summary : Friendly distributed version control system
Description :
Bazaar is a distributed revision control system that is powerful, friendly,
and scalable. It is the successor of Baz-1.x which, in turn, was
a user-friendly reimplementation of GNU Arch.
--------------------------------------------------------------------------------
Update Information:
improving interoperability with Windows users (case-insensitive filesystems) and
fixing a number of minor bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 19 2009 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 1.11-1
- Update to 1.11
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bzr' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: php-pear-XML-Parser-1.3.2-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1020
2009-01-27 00:37:10
--------------------------------------------------------------------------------
Name : php-pear-XML-Parser
Product : Fedora 10
Version : 1.3.2
Release : 1.fc10
URL : http://pear.php.net/package/XML_Parser
Summary : XML parsing class based on PHP's bundled expat
Description :
This is an XML parser based on PHPs built-in xml extension.
It supports two basic modes of operation: "func" and "event".
In "func" mode, it will look for a function named after each element
(xmltag_ELEMENT for start tags and xmltag_ELEMENT_ for end tags),
and in "event" mode it uses a set of generic callbacks.
Since version 1.2.0 there's a new XML_Parser_Simple class that makes
parsing of most XML documents easier, by automatically providing a stack
for the elements. Furthermore its now possible to split the parser from
the handler object, so you do not have to extend XML_Parser anymore in
order to parse a document with it.
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog: - Fix Bug #9328: assigned by reference error in XML_RSS
parse - add an AllTests.php for PHPUnit usage
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 22 2009 Remi Collet <Fedora(a)FamilleCollet.com> 1.3.2-1
- update to 1.3.2
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-pear-XML-Parser' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: perl-MooseX-Iterator-0.09-3.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1254
2009-02-05 01:16:27
--------------------------------------------------------------------------------
Name : perl-MooseX-Iterator
Product : Fedora 10
Version : 0.09
Release : 3.fc10
URL : http://search.cpan.org/dist/MooseX-Iterator/
Summary : Iterate over collections
Description :
This is an attempt to add smalltalk-like streams to Moose. It currently
works with ArrayRefs and HashRefs.
--------------------------------------------------------------------------------
Update Information:
First release for F-10.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-MooseX-Iterator' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: xorg-x11-drv-vmmouse-12.6.3-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0548
2009-01-14 23:38:35
--------------------------------------------------------------------------------
Name : xorg-x11-drv-vmmouse
Product : Fedora 10
Version : 12.6.3
Release : 1.fc10
URL : http://www.x.org
Summary : Xorg X11 vmmouse input driver
Description :
X.Org X11 vmmouse input driver.
--------------------------------------------------------------------------------
Update Information:
update to 12.6.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 9 2009 Peter Hutterer <peter.hutterer(a)redhat.com> 12.6.3-1
- vmmouse 12.6.3
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xorg-x11-drv-vmmouse' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: jbrout-0.3.159-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0572
2009-01-16 22:38:31
--------------------------------------------------------------------------------
Name : jbrout
Product : Fedora 10
Version : 0.3.159
Release : 1.fc10
URL : http://jbrout.python-hosting.com/wiki
Summary : Photo manager, written in python/pygtk
Description :
jBrout is able to :
* manage albums/photos (= folders/files)
* tag photos with IPTC keywords
* use internal jpeg thumbnail
* comment photos (with jpeg comment) and album (textfile in
folder)
* rotate loss-less jpeg (and internal jpeg thumbnail)
use EXIF info (date, size ..)
* search pictures (tags, comment, date, ...) (not implemented
yet)
* use plugins (to export to html/gallery, to act like
a httpserver, to export pictures to be mailed, ...)
* work without database ! (just a xmlfile which can be rebuild
from scratch)
* handle a lot of photos (jbrout's author claims to have more than 20000
of them)
* upload photos to a flickr account
* ...
--------------------------------------------------------------------------------
Update Information:
Substantial upstream rewrite of parts of jbrout. * Doesn't use external
programs anymore, but instead uses pyexiv2 for all manipulation with images. *
Improved search dialog
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 15 2009 Matěj Cepl <mcepl(a)redhat.com> 0.3.159-1
- New upstream release and this should go to Fedora.
* Sun Jan 11 2009 Matěj Cepl <mcepl(a)redhat.com> 0.3.151-0.5
- Fixed building and installing lang files.
* Thu Jan 1 2009 Matěj Cepl <mcepl(a)redhat.com> 0.3.131-0.1.f10only
- Testing build of the new upstream release (because of broken upgrade
build).
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update jbrout' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 9 Update: perl-Gtk2-Sexy-0.05-1.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0961
2009-01-27 00:36:07
--------------------------------------------------------------------------------
Name : perl-Gtk2-Sexy
Product : Fedora 9
Version : 0.05
Release : 1.fc9
URL : http://search.cpan.org/dist/Gtk2-Sexy/
Summary : Perl interface to the sexy widget collection
Description :
This module allows a perl developer to access the widgets of the sexy widget
collection.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 25 2009 Chris Weyl <cweyl(a)alumni.drew.edu> 0.05-1
- update to 0.05
* Thu Oct 23 2008 Chris Weyl <cweyl(a)alumni.drew.edu> 0.04-1
- update to 0.04
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Gtk2-Sexy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: ibus-anthy-0.1.1.20090203-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-1252
2009-02-05 01:16:25
--------------------------------------------------------------------------------
Name : ibus-anthy
Product : Fedora 10
Version : 0.1.1.20090203
Release : 1.fc10
URL : http://code.google.com/p/ibus/
Summary : The Anthy engine for IBus input platform
Description :
The Anthy engine for IBus platform. It provides Japanese input method from
libanthy.
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.1.20090203 to fix some bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 3 2009 Huang Peng <shawn.p.huang(a)gmail.com> - 0.1.1.20090203-1
- Update to 0.1.1.20090203.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #481095 - ibus-anthy: pre-edit sometimes gets stuck
https://bugzilla.redhat.com/show_bug.cgi?id=481095
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ibus-anthy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months
Fedora 10 Update: system-autodeath-0.2-1.fc10
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0360
2009-01-14 23:35:08
--------------------------------------------------------------------------------
Name : system-autodeath
Product : Fedora 10
Version : 0.2
Release : 1.fc10
URL : http://skvidal.fedorapeople.org/system-autodeath/
Summary : Automatically disable system default route on a specific date
Description :
system-autodeath is a cron job that runs daily, checking the current
time versus a configured death date for the machine. Within one week
of this date the system will emit log notices to syslog.alert notifying
that the system will remove its default network route on a specific date.
On the date the system will have its default route deleted. It
will continue to do this every day until someone does something about it.
--------------------------------------------------------------------------------
Update Information:
First release.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update system-autodeath' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
15 years, 3 months