[SECURITY] Fedora EPEL 5 Update: couchdb-0.11.2-2.el5
updates at fedoraproject.org
updates at fedoraproject.org
Tue Oct 5 17:27:25 UTC 2010
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3276
2010-08-26 22:02:37
--------------------------------------------------------------------------------
Name : couchdb
Product : Fedora EPEL 5
Version : 0.11.2
Release : 2.el5
URL : http://couchdb.apache.org/
Summary : A document database server, accessible via a RESTful JSON API
Description :
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database accessible via a RESTful HTTP/JSON API.
Among other features, it provides robust, incremental replication
with bi-directional conflict detection and resolution, and is
queryable and indexable using a table-oriented view engine with
JavaScript acting as the default view definition language.
--------------------------------------------------------------------------------
Update Information:
Despite the fact that this is a security-related fix I would like to test these packages for a while because of possible API incompatibilities (version upgrade).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #627498 - CVE-2010-2953 couchdb: start-up script sets insecure LD_LIBRARY_PATH
https://bugzilla.redhat.com/show_bug.cgi?id=627498
[ 2 ] Bug #624764 - CVE-2010-2234 couchdb: CSRF vulnerability in versions prior to 0.11.2/1.0.1
https://bugzilla.redhat.com/show_bug.cgi?id=624764
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update couchdb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list