September 2009 - epel-package-announce

Fedora EPEL 4 Update: python-feedparser-4.1-5.el4

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0250 2009-08-10 20:18:39 -------------------------------------------------------------------------------- Name : python-feedparser Product : Fedora EPEL 4 Version : 4.1 Release : 5.el4 URL : http://feedparser.org/ Summary : Parse RSS and Atom feeds in Python Description : Universal Feed Parser is a Python module for downloading and parsing syndicated feeds. It can handle RSS 0.90, Netscape RSS 0.91, Userland RSS 0.91, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0, and CDF feeds. It also parses several popular extension modules, including Dublin Core and Apple's iTunes extensions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #491373 - python-feedparser handles media:title tags wrong in two different ways https://bugzilla.redhat.com/show_bug.cgi?id=491373 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-feedparser' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: 3proxy-0.6-3.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0362 2009-08-31 22:20:38 -------------------------------------------------------------------------------- Name : 3proxy Product : Fedora EPEL 5 Version : 0.6 Release : 3.el5 URL : http://3proxy.ru/?l=EN Summary : Tiny but very powerful proxy Description : 3proxy -- light proxy server. Universal proxy server with HTTP, HTTPS, SOCKS v4, SOCKS v4a, SOCKS v5, FTP, POP3, UDP and TCP portmapping, access control, bandwith control, traffic limitation and accounting based on username, client IP, target IP, day time, day of week, etc. -------------------------------------------------------------------------------- Update Information: Initial push 3proxy into Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #517983 - Review Request: 3proxy - Tiny but very powerful proxy https://bugzilla.redhat.com/show_bug.cgi?id=517983 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update 3proxy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: GeoIP-1.4.7-0.1.20090931cvs.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0380 2009-09-01 20:05:55 -------------------------------------------------------------------------------- Name : GeoIP Product : Fedora EPEL 5 Version : 1.4.7 Release : 0.1.20090931cvs.el5 URL : http://www.maxmind.com/app/c Summary : C library for country/city/organization to IP address or hostname mapping Description : GeoIP is a C library that enables the user to find the country that any IP address or hostname originates from. It uses a file based database that is accurate as of March 2003. This database simply contains IP blocks as keys, and countries as values. This database should be more complete and accurate than using reverse DNS lookups. -------------------------------------------------------------------------------- Update Information: Enable country lookup of IPv6 addresses. This feature requires use of the MaxMind GeoIPv6 database, available at http://geolite.maxmind.com/download/geoip/database/ -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update GeoIP' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: eqntott-9.0-2.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0376 2009-09-01 20:05:48 -------------------------------------------------------------------------------- Name : eqntott Product : Fedora EPEL 5 Version : 9.0 Release : 2.el5 URL : http://code.google.com/p/eqntott Summary : Generates truth tables from Boolean equations Description : Converts Boolean logic expressions into a truth table that is useful for preparing input to espresso package for logic minimization, converting logic expressions into simpler forms, and for creating truth tables. -------------------------------------------------------------------------------- Update Information: Eqntott package generates truth tables from Boolean equations. -------------------------------------------------------------------------------- References: [ 1 ] Bug #516874 - Review Request: eqntott - Generates truth tables from Boolean equations https://bugzilla.redhat.com/show_bug.cgi?id=516874 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update eqntott' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

[SECURITY] Fedora EPEL 4 Update: drupal-5.20-1.el4

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0479 2009-09-17 17:39:27.404225 -------------------------------------------------------------------------------- Name : drupal Product : Fedora EPEL 4 Version : 5.20 Release : 1.el4 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: Fixes SA-CORE-2009-008 http://drupal.org/node/579482 Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script. Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID association cross site request forgeries The OpenID module in Drupal 6 allows users to create an account or log into a Drupal site using one or more OpenID identities. The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts. These OpenID identities can then be used to gain access to the affected accounts. This issue affects Drupal 6.x only. OpenID impersonation The OpenID module is not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allows a user to access the account of another user when they share the same OpenID 2.0 provider. This issue affects Drupal 6.x only. File upload File uploads with certain extensions are not correctly processed by the File API. This may lead to the creation of files that are executable by Apache. The .htaccess that is saved into the files directory by Drupal should normally prevent execution. The files are only executable when the server is configured to ignore the directives in the .htaccess file. This issue affects Drupal 6.x only. Session fixation Drupal doesn't regenerate the session ID when an anonymous user follows the one time login link used to confirm email addresses and reset forgotten passwords. This enables a malicious user to fix and reuse the session id of a victim under certain circumstances. This issue affects Drupal 5.x only. Versions affected * Drupal 6.x before version 6.14. * Drupal 5.x before version 5.20. Solution Install the latest version: * If you are running Drupal 6.x then upgrade to Drupal 6.14. * If you are running Drupal 5.x then upgrade to Drupal 5.20. If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. Theses patches fix the security vulnerabilities, but do not contain other fixes which were released in Drupal 6.14 or Drupal 5.20. * To patch Drupal 6.13 use SA- CORE-2009-008-6.13.patch. * To patch Drupal 5.19 use SA- CORE-2009-008-5.19.patch. Important note: Some users using OpenID might not be able to use the existing OpenID associations to login after the upgrade. These users should use the one time login via password recovery to get access to their user account and re-add desired associations. These users likely had issues with OpenID logins prior to the upgrade. Reported by The session fixation issue was reported by Noel Sharpe. OpenID impersonation was reported by Robert Metcalf. OpenID association CSRF was reported by Heine Deelstra (*). The file upload issue was reported by Heine Deelstra (*). (*) Member of the Drupal security team Fixed by The session fixation issue was fixed by Jakub Suchy. The OpenID and file upload issues were fixed by Heine Deelstra. Contact The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact. -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

[SECURITY] Fedora EPEL 5 Update: drupal-5.20-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0478 2009-09-17 17:39:27 -------------------------------------------------------------------------------- Name : drupal Product : Fedora EPEL 5 Version : 5.20 Release : 1.el5 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: Fixes SA-CORE-2009-008 http://drupal.org/node/579482 Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script. Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID association cross site request forgeries The OpenID module in Drupal 6 allows users to create an account or log into a Drupal site using one or more OpenID identities. The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts. These OpenID identities can then be used to gain access to the affected accounts. This issue affects Drupal 6.x only. OpenID impersonation The OpenID module is not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allows a user to access the account of another user when they share the same OpenID 2.0 provider. This issue affects Drupal 6.x only. File upload File uploads with certain extensions are not correctly processed by the File API. This may lead to the creation of files that are executable by Apache. The .htaccess that is saved into the files directory by Drupal should normally prevent execution. The files are only executable when the server is configured to ignore the directives in the .htaccess file. This issue affects Drupal 6.x only. Session fixation Drupal doesn't regenerate the session ID when an anonymous user follows the one time login link used to confirm email addresses and reset forgotten passwords. This enables a malicious user to fix and reuse the session id of a victim under certain circumstances. This issue affects Drupal 5.x only. Versions affected * Drupal 6.x before version 6.14. * Drupal 5.x before version 5.20. Solution Install the latest version: * If you are running Drupal 6.x then upgrade to Drupal 6.14. * If you are running Drupal 5.x then upgrade to Drupal 5.20. If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. Theses patches fix the security vulnerabilities, but do not contain other fixes which were released in Drupal 6.14 or Drupal 5.20. * To patch Drupal 6.13 use SA- CORE-2009-008-6.13.patch. * To patch Drupal 5.19 use SA- CORE-2009-008-5.19.patch. Important note: Some users using OpenID might not be able to use the existing OpenID associations to login after the upgrade. These users should use the one time login via password recovery to get access to their user account and re-add desired associations. These users likely had issues with OpenID logins prior to the upgrade. Reported by The session fixation issue was reported by Noel Sharpe. OpenID impersonation was reported by Robert Metcalf. OpenID association CSRF was reported by Heine Deelstra (*). The file upload issue was reported by Heine Deelstra (*). (*) Member of the Drupal security team Fixed by The session fixation issue was fixed by Jakub Suchy. The OpenID and file upload issues were fixed by Heine Deelstra. Contact The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact. -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: python-feedparser-4.1-10.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0256 2009-08-10 20:18:36 -------------------------------------------------------------------------------- Name : python-feedparser Product : Fedora EPEL 5 Version : 4.1 Release : 10.el5 URL : http://feedparser.org/ Summary : Parse RSS and Atom feeds in Python Description : Universal Feed Parser is a Python module for downloading and parsing syndicated feeds. It can handle RSS 0.90, Netscape RSS 0.91, Userland RSS 0.91, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0, and CDF feeds. It also parses several popular extension modules, including Dublin Core and Apple's iTunes extensions. -------------------------------------------------------------------------------- References: [ 1 ] Bug #491373 - python-feedparser handles media:title tags wrong in two different ways https://bugzilla.redhat.com/show_bug.cgi?id=491373 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-feedparser' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: pywebdav-0.9.3-2.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0388 2009-09-03 23:05:54 -------------------------------------------------------------------------------- Name : pywebdav Product : Fedora EPEL 5 Version : 0.9.3 Release : 2.el5 URL : http://www.webdav.de/ Summary : WebDAV library Description : WebDAV library for Python. WebDAV is an extension to the normal HTTP/1.1 protocol allowing the user to upload data, create collections of objects, store properties for objects, etc. -------------------------------------------------------------------------------- Update Information: - update to 0.9.3 - drop dependency on PyXML -------------------------------------------------------------------------------- References: [ 1 ] Bug #520984 - pywebdav no longer requires PyXML https://bugzilla.redhat.com/show_bug.cgi?id=520984 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update pywebdav' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: python-GeoIP-1.2.5-0.3.20090931cvs.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0377 2009-09-01 20:05:51 -------------------------------------------------------------------------------- Name : python-GeoIP Product : Fedora EPEL 5 Version : 1.2.5 Release : 0.3.20090931cvs.el5 URL : http://www.maxmind.com/download/geoip/api/python/ Summary : Python bindings for the GeoIP geographical lookup libraries Description : This package contains the Python bindings for the GeoIP API, allowing IP to location lookups to country, city and organization level within Python code. -------------------------------------------------------------------------------- Update Information: Enables country lookup of IPv6 addresses from python applications. This feature requires use of the MaxMind GeoIPv6 database, available at http://geolite.maxmind.com/download/geoip/database/ -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-GeoIP' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

Fedora EPEL 5 Update: libHX-3.0-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2009-0357 2009-08-28 04:45:44 -------------------------------------------------------------------------------- Name : libHX Product : Fedora EPEL 5 Version : 3.0 Release : 1.el5 URL : http://sourceforge.net/projects/libhx/ Summary : General-purpose library for typical low-level operations Description : A library for: - rbtree with key-value pair extension - deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs)) - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option (argv) parser - shconfig-style config file parser - platform independent random number generator with transparent /dev/urandom support - various string, memory and zvec ops -------------------------------------------------------------------------------- Update Information: Update to new release to satisfy pam_mount 1.30 dependency. -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update libHX' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

epel-package-announce September 2009