[SECURITY] Fedora 20 Update: zarafa-7.1.10-4.fc20

Sat Aug 30 03:55:03 UTC 2014

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-9754
2014-08-27 00:45:49
--------------------------------------------------------------------------------

Name        : zarafa
Product     : Fedora 20
Version     : 7.1.10
Release     : 4.fc20
URL         : http://www.zarafa.com/
Summary     : Open Source Edition of the Zarafa Collaboration Platform
Description :
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The
Open Source Collaboration provides an integration with your existing Linux
mail server, native mobile phone support by ActiveSync compatibility and a
webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an
IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open
Source Collaboration can combine the usability with the stability and the
flexibility of a Linux server.

The proven Zarafa groupware solution is using MAPI objects, provides a MAPI
client library as well as programming interfaces for C++, PHP and Python.
The other Zarafa related packages need to be installed to gain all features
and benefits of the Zarafa Collaboration Platform (ZCP).

--------------------------------------------------------------------------------
Update Information:

Fixed multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448 and CVE-2014-5449)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 25 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-4
- Fixed multiple incorrect default permissions (#1133439)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-3
- Rebuild for gSOAP 2.8.17
* Fri Jul 11 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-2
- Added a workaround to really support MariaDB (#995870)
- Re-added a patch to allow building without zarafa-search
* Sun Jun 29 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-1
- Upgrade to 7.1.10
* Fri Jun 20 2014 Remi Collet <rcollet at redhat.com> - 7.1.9-2.1
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1.9-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Petr Machata <pmachata at redhat.com> - 7.1.9-2
- Rebuild for boost 1.55.0
* Thu May  1 2014 Robert Scheck <robert at fedoraproject.org> 7.1.9-1
- Upgrade to 7.1.9
* Fri Feb 21 2014 Robert Scheck <robert at fedoraproject.org> 7.1.8-3
- Upgrade to 7.1.8 (re-released)
* Fri Feb 14 2014 Parag Nemade <paragn AT fedoraproject DOT org> - 7.1.8-2
- Rebuild for icu 52
* Thu Jan 30 2014 Robert Scheck <robert at fedoraproject.org> 7.1.8-1
- Upgrade to 7.1.8 (#1056767, #1059903)
* Sun Dec  8 2013 Robert Scheck <robert at fedoraproject.org> 7.1.7-1
- Upgrade to 7.1.7 (#1008068)
- Added dependency from gateway and spooler to python-MAPI
- Added requirements to virtual libvmime ABI/API provides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1133439 - CVE-2014-5447 CVE-2014-5448 CVE-2014-5449 CVE-2014-5450 zarafa: multiple default permission issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1133439
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update zarafa' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------