[SECURITY] Fedora EPEL 5 Update: couchdb-0.11.2-2.el5

updates at fedoraproject.org updates at fedoraproject.org
Tue Oct 5 17:27:25 UTC 2010 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3276
2010-08-26 22:02:37
--------------------------------------------------------------------------------

Name        : couchdb
Product     : Fedora EPEL 5
Version     : 0.11.2
Release     : 2.el5
URL         : http://couchdb.apache.org/
Summary     : A document database server, accessible via a RESTful JSON API
Description :
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database accessible via a RESTful HTTP/JSON API.
Among other features, it provides robust, incremental replication
with bi-directional conflict detection and resolution, and is
queryable and indexable using a table-oriented view engine with
JavaScript acting as the default view definition language.

--------------------------------------------------------------------------------
Update Information:

Despite the fact that this is a security-related fix I would like to test these packages for a while because of possible API incompatibilities (version upgrade).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627498 - CVE-2010-2953 couchdb: start-up script sets insecure LD_LIBRARY_PATH
        https://bugzilla.redhat.com/show_bug.cgi?id=627498
  [ 2 ] Bug #624764 - CVE-2010-2234 couchdb: CSRF vulnerability in versions prior to 0.11.2/1.0.1
        https://bugzilla.redhat.com/show_bug.cgi?id=624764
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update couchdb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the epel-package-announce mailing list