[SECURITY] Fedora EPEL 5 Update: zikula-1.2.3-1.el5

Fri Sep 3 21:55:50 UTC 2010

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-2902
2010-06-09 15:01:09
--------------------------------------------------------------------------------

Name        : zikula
Product     : Fedora EPEL 5
Version     : 1.2.3
Release     : 1.el5
URL         : http://www.zikula.org/
Summary     : Zikula is a free open source Web Application Framework
Description :
A free open source Web Application Framework.
It can be used to develop robust, secure, interactive and
editable websites and web based applications. Zikula is written
in PHP, object oriented, and fully modular. It requires a database
 and may use all leading database platforms like MySQL,
PostgreSQL and Microsoft SQL Server.
Zikula is the successor to the PostNuke project.

--------------------------------------------------------------------------------
Update Information:

- upgrading to 1.2.3  - removed jsminify patch, and thus requirement for custom
tarball  - fixes XSS and CSRF security problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #589290 - CVE-2010-1724  Zikula multiple XSS flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=589290
  [ 2 ] Bug #589308 - CVE-2010-1732 Zikula CSRF flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=589308
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update zikula' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------