[SECURITY] Fedora EPEL 6 Update: wordpress-3.5.1-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0233
2013-02-01 12:38:56
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora EPEL 6
Version : 3.5.1
Release : 2.el6
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
--------------------------------------------------------------------------------
Update Information:
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include:
* Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or user APIs.
WordPress 3.5.1 also addresses the following security issues:
* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #904120 - CVE-2013-0235 wordpress: Server-side request forgery and remote port scanning using pingbacks
https://bugzilla.redhat.com/show_bug.cgi?id=904120
[ 2 ] Bug #904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
https://bugzilla.redhat.com/show_bug.cgi?id=904121
[ 3 ] Bug #904122 - wordpress: XSS in the external Plupload library
https://bugzilla.redhat.com/show_bug.cgi?id=904122
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update wordpress' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 6 Update: voms-api-java-2.0.10-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0343
2013-02-12 19:49:19
--------------------------------------------------------------------------------
Name : voms-api-java
Product : Fedora EPEL 6
Version : 2.0.10
Release : 2.el6
URL : https://wiki.italiangrid.it/VOMS
Summary : Virtual Organization Membership Service Java API
Description :
The Virtual Organization Membership Service (VOMS) is an attribute authority
which serves as central repository for VO user authorization information,
providing support for sorting users into group hierarchies, keeping track of
their roles and other attributes in order to issue trusted attribute
certificates and SAML assertions used in the Grid environment for
authorization purposes.
This package provides a java client API for VOMS.
--------------------------------------------------------------------------------
Update Information:
voms-api-java 2.0.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #818488 - voms-api-java requires old jakarta-commons-* packages
https://bugzilla.redhat.com/show_bug.cgi?id=818488
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update voms-api-java' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 5 Update: pdns-2.9.22.6-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0349
2013-02-12 19:49:43
--------------------------------------------------------------------------------
Name : pdns
Product : Fedora EPEL 5
Version : 2.9.22.6
Release : 1.el5
URL : http://powerdns.com
Summary : A modern, advanced and high performance authoritative-only nameserver
Description :
The PowerDNS Nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all relevant DNS standards documents.
Furthermore, PowerDNS interfaces with almost any database.
--------------------------------------------------------------------------------
Update Information:
- Update 2.9.22.6
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update pdns' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 5 Update: php53-mapi-7.0.12-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0353
2013-02-12 19:49:56
--------------------------------------------------------------------------------
Name : php53-mapi
Product : Fedora EPEL 5
Version : 7.0.12
Release : 1.el5
URL : http://www.zarafa.com/
Summary : The PHP MAPI extension by Zarafa
Description :
The php53-mapi package contains the PHP 5.3 MAPI extension to provide access
to Microsoft MAPI functions while using PHP. Although not all MAPI functions
and interfaces are supported so far, most functions have a PHP counterpart
in this extension. Using this PHP 5.3 MAPI extension, developers can create
e.g. webbased e-mail and calendaring systems and interfaces with existing
PHP projects, using the MAPI functions like a normal MAPI program.
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.0.12 final [40336]
==================================================
Backend
-------
- ZCP-11110, ZCP-11076: The archiver opens history messages read-only when attempting to fix the backref when the primary message is moved.
- ZCP-11098, ZCP-10567: The archiver should log what kind of cleanup operation is being performed (store, delete).
- ZCP-11084, ZCP-10569: The archiver should log the configuration settings.
- ZCP-11080, ZCP-10568: The archiver should log the commandline used when it was invoked.
- ZCP-11082, ZCP-10570: The archiver should log it's version.
- ZCP-11151, ZCP-10566: The archiver should log the user and if possible to folder on which its working whenever it logs something.
- ZCP-11174: Searching with outlook in read-only archive gives error message.
- ZCP-11064, ZCP-10916: Caldav recurring item on the first of every month will recur on every day.
- ZCP-11262, ZCP-10449: Appointment created in Ical 6 will create a reminder that is 1893 weeks over due.
- ZCP-11211, ZCP-11087: Disable SSLv2 and other less secure ciphers in different Zarafa daemons.
- ZCP-11039, ZCP-11024: Gateway does not return an error to the client when the store is broken.
- ZCP-11203, ZCP-10981: Flag for mapi_inetmapi_imtoinet not to make winmail.dat.
- ZCP-11127, ZCP-8843: UserCertificate is not available in GAL although it's configured in LDAP.
- ZCP-11079, ZCP-10935: Meeting request as calendar.ics attachment.
- ZCP-11249, ZCP-11162: Search in archive from WebAccess doesn't work.
- ZCP-11067, ZCP-10973: PR_MESSAGE_FLAGS is being handled incorrectly.
- ZCP-11136, ZCP-10313: 'Open shared folders...' opens wrong store if user was added to contacts.
- ZCP-11004, ZCP-10501: Html email with ics attachment is seen as meeting request and does not show html body.
- ZCP-11012, ZCP-8380: Monitor sends only one company quota mail server wide.
- ZCP-11023, ZCP-10973: Test PR_MESSAGE_FLAGS handling.
- ZCP-11093, ZCP-10853: Compressed synclogs aren't flushed properly when using outlook 2010.
- ZCP-11074, ZCP-10950: Zarafa-offline processes started by windows search indexer will perform badly when used with Outlook.
- ZCP-11180, ZCP-11100: GetContentsTable() before SetSearchCriteria shows no results during search.
- ZCP-11160, ZCP-11146: Large amount of queries to folder while syncing.
- ZCP-11153, ZCP-11145: Offline sync cancel waits for the entire stream from the server to be received before stopping.
- ZCP-11149, ZCP-11097: Item count sometimes wrong when doing a search in Outlook.
- ZCP-11246: Invalid property values may corrupt cache.
- ZCP-10800: Every ZARAFA_E_DATABASE_ERROR should be logged when it wasn't an SQL error.
- ZCP-11042, ZCP-9925: Too small user(details) cache breaks address book.
- ZCP-11028, ZCP-10937: Extra spooler logging added in ZCP-9838 is not working with syslog.
- ZCP-11191, ZCP-8826: ECWaitableTask objects cannot be destructed if they haven't been executed first.
WebAccess
---------
- ZCP-11025, ZCP-10391 Html code is presented when an item with an e-mail address is being inserted inline.
- ZCP-11069, ZCP-10575 Script error in rule dialog when no folder is selected.
- ZCP-11117, Update HTTPS cookie config options.
- ZCP-11308 ZCP-11254 recurring appointment suggest to start at 9:00 - 9:00 .
Zarafa Collaboration Platform 7.0.11 final [39120]
==================================================
Backend
-------
- ZCP-11007, ZCP-10998: Invalid ldap relation values may cause a segfault.
- ZCP-11014, ZCP-11001: Zarafa-server 7.1.1 segfault with Z-admin on restart.
- ZCP-11053, ZCP-11047: zarafa-search handles streaming error incorrectly.
- ZCP-10742, ZCP-10571: The archiver should optionally check the age of items to be removed when performing a cleanup.
- ZCP-10905, ZCP-9651: WebAccess forward rule body is not placed correctly when forwarded e-mail is received from Google Mail.
- ZCP-10845, ZCP-10281: Multiple rules with the same matches on several emails should be handled differently.
- ZCP-10861, ZCP-10740: Body of email is not shown in WebAccess, outlook or imap.
- ZCP-10963, ZCP-10152: invalid content-type may cause evolution to stop syncing.
- ZCP-10796, ZCP-10737: ECTNEF doesn't handle PT_(MV_)CLSID properties.
- ZCP-10816, ZCP-10355: SSL client certificates created on new Linux distributions with ssl-certificates.sh script doesn't seems to work anymore when using Blackberry.
- ZCP-10728, ZCP-10661: Win32 Zarafa-offline build package.
- ZCP-10769, ZCP-10636: Licensed seems to count also orphan archive stores as used account.
- ZCP-10944, ZCP-9871: Suggestion list from OL2010 PST is not available after migration.
- ZCP-10958, ZCP-10929: Segfault on shutting down PHP on Synology.
- ZCP-10886, ZCP-9581: Mail hangs in outbox in detect on startup profile.
- ZCP-10847, ZCP-7453: SQL errors when updating counters.
- ZCP-10831, ZCP-10414: IPM.Appointment check for unique recipients in Zarafa-fsck.
- ZCP-10820, ZCP-9608: Can not copy a note or contact in favorites folder.
- ZCP-10832, ZCP-9417: Unhook-store should print store guid of found user.
- ZCP-10833, ZCP-10735: Unhooking of public store doesn't work anymore in 7.1.
- ZCP-10771, ZCP-10533: No write access to attachment_storage location does not give error messages in the log.
- ZCP-10614, ZCP-10604: The database upgrade makes a few wrong assumptions on the existing table definitions.
- ZCP-10732, ZCP-10500: Fix corrupt mapi recipient properties in recurring agenda items.
- ZCP-10707, ZCP-10701: Server should always write a coredump file by default when it segfaults.
- ZCP-10782, ZCP-9483: Zarafa-admin --unhook on a non-existing store should give an error.
- ZCP-10882, ZCP-10822: Python binding is broken with python-2.4.
- ZCP-10877, ZCP-10834: Python binding is still broken with python-2.4.
- ZCP-10748, ZCP-10729: Create subclasses of MAPIError in python.
- ZCP-10850, ZCP-10815: Ubuntu 12.04 only supports up to 1024 sockets.
WebAcess
--------
- ZCP-10726, ZCP-9924: Recurring reminder not shown on the reminder time for series that has already begun.
- ZCP-10892, ZCP-10720: The get_defined_constants (true) causes a crash in php.
- ZCP-10725, ZCP-10073: Recurring reminder not shown on the reminder time.
- ZCP-10763, ZCP-10365: Cannot remove messages from archive store (Archiver 1.2) in WebAccess.
- ZCP-10761, ZCP-9846: Recurring reminder not shown on the reminder time.
- ZCP-10721, ZCP-10584: Recurring items start on the wrong time in DST day and week after it.
Zarafa Collaboration Platform 7.0.10 final [37482]
==================================================
Backend
-------
- ZCP-10634, ZCP-9499: Rename the names of groups in the ads tools.
- ZCP-10647, ZCP-10530: Missing archive ACLs may fail the acl-sync script.
- ZCP-10606, ZCP-10083: Za-restore tool for restoring all data from an archive mailbox has typo in help text.
- ZCP-10494, ZCP-10461: Zarafa archiver doesn't handle permissions on archives for non-active-user stores properly.
- ZCP-10599, ZCP-10536: Umlauts not escaped in auto updater SQL inserts.
- ZCP-10538, ZCP-10446: Use boost filesystem v3 if available.
- ZCP-10409, ZCP-10407: Russian translations should be shipped.
- ZCP-10388, ZCP-10050: Monthly recurring that occurs every specific day jumps to the year 2148.
- ZCP-10590, ZCP-10317: Unable to resolve contact from shared contacts folder using contacts provider.
- ZCP-10373, ZCP-10358: Zarafa contacts provider only returns oldest 256 contacts from the selected folder.
- ZCP-10369: Contacts provider should only show emailable contacts.
- ZCP-10645, ZCP-10535: No manpage for the Zarafa-autorespond command.
- ZCP-10577, ZCP-10399: Segfault of Zarafa-gateway 7.1RC2.
- ZCP-10496, ZCP-10014: Missing PR_TRANSPORT_MESSAGE_HEADERS property on messages will give wrong results using the IMAP gateway.
- ZCP-10622: Strcasestr does not exist in windows.
- ZCP-10613, ZCP-10610: Inline image detection may fail on some html.
- ZCP-10592, ZCP-9878: Zarafa7-upgrade script is compressed after installation on debian systems.
- ZCP-10551, ZCP-9968: Conversion script objectsid-to-objectGUID.pl is still using storeid in some queries, although this not available on 7.0 anymore.
- ZCP-10635, ZCP-10627: Licensed SIGSEVG, cause unknown.
- ZCP-10368, ZCP-10345: Zarafa-prio socket with wrong permissions (when not root).
- ZCP-10332, ZCP-10316: Apache segfaults when you resolve a user that does not exist using the contacts provider.
- ZCP-10489, ZCP-10450: External emails inside distribution list treated as groups by spooler.
- ZCP-10615, ZCP-10351: PHP session cache is useless and can break notifications in z-push.
- ZCP-10488, ZCP-10472: Performance improvement for php-ext queryrows.
- ZCP-10434, ZCP-10253: Apache threads are crashing.
- ZCP-10611, ZCP-10081: Navigation pane links can be unstable, or completely wrong when using offline outlook.
- ZCP-10605, ZCP-10102: Incorrect information on quota levels if company exceeds quota.
- ZCP-10580, ZCP-10349: Outlook crashes when opening permissions tab on a search folder.
- ZCP-10555, ZCP-10531: ECMessageStreamImporterIStreamAdapter::Write does not return bytes written and segfaults when NULL is passed.
- ZCP-10543: Unable to copy a store to the public store.
- ZCP-10521, ZCP-10375: Meeting requests sent by secretary to own delegate are not delivered to secretary.
- ZCP-10520, ZCP-10485: Response message from exchange does not show body.
- ZCP-10385, ZCP-8349: Zarafa-admin --enable-feature <imap|pop3> -u <username> can segfault on 32bit systems.
- ZCP-10561, ZCP-10382: Ssl-certificates.sh fails for centOS 6.3 (maybe 6.x in general?).
- ZCP-10553, ZCP-10484: Update Zarafa-fsck warning.
- ZCP-10526, ZCP-10519: Description of ZarafaCompanyServer is wrong.
- ZCP-10500: Fix corrupt mapi receipient properties in recurring agenda items.
- ZCP-10617, ZCP-10263: The message-id gets lost when forwarding email as attachment, so it will be marked as spam by some antispam solutions.
- ZCP-10478, ZCP-9837: User names with umlaut will cause empty lines in the spooler log.
- ZCP-10715, ZCP-10710: Achiver stores not always automatically opened on older created Outlook profiles.
- ZCP-10688, ZCP-9146: SSL certificate check deadlock when opening delegate user with archive on a server which presents the SSL cert dialog.
- ZCP-10667, ZCP-9760: Search for user name with umlaut in the gab will do a search with the character that are in front of the umlaut.
WebAccess
---------
- ZCP-10560, ZCP-10475: Script error in address book when trying to add a contact which is not selected.
- ZCP-10558, ZCP-10302: Script error in IE when closing new mail window.
- ZCP-10582: Timezone gmt-3 Brasilia has October 20th twice in 2012 and October 19th in 2013.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php53-mapi' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 5 Update: zarafa-7.0.12-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0353
2013-02-12 19:49:56
--------------------------------------------------------------------------------
Name : zarafa
Product : Fedora EPEL 5
Version : 7.0.12
Release : 1.el5
URL : http://www.zarafa.com/
Summary : Open Source Edition of the Zarafa Collaboration Platform
Description :
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The
Open Source Collaboration provides an integration with your existing Linux
mail server, native mobile phone support by ActiveSync compatibility and a
webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an
IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open
Source Collaboration can combine the usability with the stability and the
flexibility of a Linux server.
The proven Zarafa groupware solution is using MAPI objects, provides a MAPI
client library as well as programming interfaces for C++, PHP and Python.
The other Zarafa related packages need to be installed to gain all features
and benefits of the Zarafa Collaboration Platform (ZCP).
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.0.12 final [40336]
==================================================
Backend
-------
- ZCP-11110, ZCP-11076: The archiver opens history messages read-only when attempting to fix the backref when the primary message is moved.
- ZCP-11098, ZCP-10567: The archiver should log what kind of cleanup operation is being performed (store, delete).
- ZCP-11084, ZCP-10569: The archiver should log the configuration settings.
- ZCP-11080, ZCP-10568: The archiver should log the commandline used when it was invoked.
- ZCP-11082, ZCP-10570: The archiver should log it's version.
- ZCP-11151, ZCP-10566: The archiver should log the user and if possible to folder on which its working whenever it logs something.
- ZCP-11174: Searching with outlook in read-only archive gives error message.
- ZCP-11064, ZCP-10916: Caldav recurring item on the first of every month will recur on every day.
- ZCP-11262, ZCP-10449: Appointment created in Ical 6 will create a reminder that is 1893 weeks over due.
- ZCP-11211, ZCP-11087: Disable SSLv2 and other less secure ciphers in different Zarafa daemons.
- ZCP-11039, ZCP-11024: Gateway does not return an error to the client when the store is broken.
- ZCP-11203, ZCP-10981: Flag for mapi_inetmapi_imtoinet not to make winmail.dat.
- ZCP-11127, ZCP-8843: UserCertificate is not available in GAL although it's configured in LDAP.
- ZCP-11079, ZCP-10935: Meeting request as calendar.ics attachment.
- ZCP-11249, ZCP-11162: Search in archive from WebAccess doesn't work.
- ZCP-11067, ZCP-10973: PR_MESSAGE_FLAGS is being handled incorrectly.
- ZCP-11136, ZCP-10313: 'Open shared folders...' opens wrong store if user was added to contacts.
- ZCP-11004, ZCP-10501: Html email with ics attachment is seen as meeting request and does not show html body.
- ZCP-11012, ZCP-8380: Monitor sends only one company quota mail server wide.
- ZCP-11023, ZCP-10973: Test PR_MESSAGE_FLAGS handling.
- ZCP-11093, ZCP-10853: Compressed synclogs aren't flushed properly when using outlook 2010.
- ZCP-11074, ZCP-10950: Zarafa-offline processes started by windows search indexer will perform badly when used with Outlook.
- ZCP-11180, ZCP-11100: GetContentsTable() before SetSearchCriteria shows no results during search.
- ZCP-11160, ZCP-11146: Large amount of queries to folder while syncing.
- ZCP-11153, ZCP-11145: Offline sync cancel waits for the entire stream from the server to be received before stopping.
- ZCP-11149, ZCP-11097: Item count sometimes wrong when doing a search in Outlook.
- ZCP-11246: Invalid property values may corrupt cache.
- ZCP-10800: Every ZARAFA_E_DATABASE_ERROR should be logged when it wasn't an SQL error.
- ZCP-11042, ZCP-9925: Too small user(details) cache breaks address book.
- ZCP-11028, ZCP-10937: Extra spooler logging added in ZCP-9838 is not working with syslog.
- ZCP-11191, ZCP-8826: ECWaitableTask objects cannot be destructed if they haven't been executed first.
WebAccess
---------
- ZCP-11025, ZCP-10391 Html code is presented when an item with an e-mail address is being inserted inline.
- ZCP-11069, ZCP-10575 Script error in rule dialog when no folder is selected.
- ZCP-11117, Update HTTPS cookie config options.
- ZCP-11308 ZCP-11254 recurring appointment suggest to start at 9:00 - 9:00 .
Zarafa Collaboration Platform 7.0.11 final [39120]
==================================================
Backend
-------
- ZCP-11007, ZCP-10998: Invalid ldap relation values may cause a segfault.
- ZCP-11014, ZCP-11001: Zarafa-server 7.1.1 segfault with Z-admin on restart.
- ZCP-11053, ZCP-11047: zarafa-search handles streaming error incorrectly.
- ZCP-10742, ZCP-10571: The archiver should optionally check the age of items to be removed when performing a cleanup.
- ZCP-10905, ZCP-9651: WebAccess forward rule body is not placed correctly when forwarded e-mail is received from Google Mail.
- ZCP-10845, ZCP-10281: Multiple rules with the same matches on several emails should be handled differently.
- ZCP-10861, ZCP-10740: Body of email is not shown in WebAccess, outlook or imap.
- ZCP-10963, ZCP-10152: invalid content-type may cause evolution to stop syncing.
- ZCP-10796, ZCP-10737: ECTNEF doesn't handle PT_(MV_)CLSID properties.
- ZCP-10816, ZCP-10355: SSL client certificates created on new Linux distributions with ssl-certificates.sh script doesn't seems to work anymore when using Blackberry.
- ZCP-10728, ZCP-10661: Win32 Zarafa-offline build package.
- ZCP-10769, ZCP-10636: Licensed seems to count also orphan archive stores as used account.
- ZCP-10944, ZCP-9871: Suggestion list from OL2010 PST is not available after migration.
- ZCP-10958, ZCP-10929: Segfault on shutting down PHP on Synology.
- ZCP-10886, ZCP-9581: Mail hangs in outbox in detect on startup profile.
- ZCP-10847, ZCP-7453: SQL errors when updating counters.
- ZCP-10831, ZCP-10414: IPM.Appointment check for unique recipients in Zarafa-fsck.
- ZCP-10820, ZCP-9608: Can not copy a note or contact in favorites folder.
- ZCP-10832, ZCP-9417: Unhook-store should print store guid of found user.
- ZCP-10833, ZCP-10735: Unhooking of public store doesn't work anymore in 7.1.
- ZCP-10771, ZCP-10533: No write access to attachment_storage location does not give error messages in the log.
- ZCP-10614, ZCP-10604: The database upgrade makes a few wrong assumptions on the existing table definitions.
- ZCP-10732, ZCP-10500: Fix corrupt mapi recipient properties in recurring agenda items.
- ZCP-10707, ZCP-10701: Server should always write a coredump file by default when it segfaults.
- ZCP-10782, ZCP-9483: Zarafa-admin --unhook on a non-existing store should give an error.
- ZCP-10882, ZCP-10822: Python binding is broken with python-2.4.
- ZCP-10877, ZCP-10834: Python binding is still broken with python-2.4.
- ZCP-10748, ZCP-10729: Create subclasses of MAPIError in python.
- ZCP-10850, ZCP-10815: Ubuntu 12.04 only supports up to 1024 sockets.
WebAcess
--------
- ZCP-10726, ZCP-9924: Recurring reminder not shown on the reminder time for series that has already begun.
- ZCP-10892, ZCP-10720: The get_defined_constants (true) causes a crash in php.
- ZCP-10725, ZCP-10073: Recurring reminder not shown on the reminder time.
- ZCP-10763, ZCP-10365: Cannot remove messages from archive store (Archiver 1.2) in WebAccess.
- ZCP-10761, ZCP-9846: Recurring reminder not shown on the reminder time.
- ZCP-10721, ZCP-10584: Recurring items start on the wrong time in DST day and week after it.
Zarafa Collaboration Platform 7.0.10 final [37482]
==================================================
Backend
-------
- ZCP-10634, ZCP-9499: Rename the names of groups in the ads tools.
- ZCP-10647, ZCP-10530: Missing archive ACLs may fail the acl-sync script.
- ZCP-10606, ZCP-10083: Za-restore tool for restoring all data from an archive mailbox has typo in help text.
- ZCP-10494, ZCP-10461: Zarafa archiver doesn't handle permissions on archives for non-active-user stores properly.
- ZCP-10599, ZCP-10536: Umlauts not escaped in auto updater SQL inserts.
- ZCP-10538, ZCP-10446: Use boost filesystem v3 if available.
- ZCP-10409, ZCP-10407: Russian translations should be shipped.
- ZCP-10388, ZCP-10050: Monthly recurring that occurs every specific day jumps to the year 2148.
- ZCP-10590, ZCP-10317: Unable to resolve contact from shared contacts folder using contacts provider.
- ZCP-10373, ZCP-10358: Zarafa contacts provider only returns oldest 256 contacts from the selected folder.
- ZCP-10369: Contacts provider should only show emailable contacts.
- ZCP-10645, ZCP-10535: No manpage for the Zarafa-autorespond command.
- ZCP-10577, ZCP-10399: Segfault of Zarafa-gateway 7.1RC2.
- ZCP-10496, ZCP-10014: Missing PR_TRANSPORT_MESSAGE_HEADERS property on messages will give wrong results using the IMAP gateway.
- ZCP-10622: Strcasestr does not exist in windows.
- ZCP-10613, ZCP-10610: Inline image detection may fail on some html.
- ZCP-10592, ZCP-9878: Zarafa7-upgrade script is compressed after installation on debian systems.
- ZCP-10551, ZCP-9968: Conversion script objectsid-to-objectGUID.pl is still using storeid in some queries, although this not available on 7.0 anymore.
- ZCP-10635, ZCP-10627: Licensed SIGSEVG, cause unknown.
- ZCP-10368, ZCP-10345: Zarafa-prio socket with wrong permissions (when not root).
- ZCP-10332, ZCP-10316: Apache segfaults when you resolve a user that does not exist using the contacts provider.
- ZCP-10489, ZCP-10450: External emails inside distribution list treated as groups by spooler.
- ZCP-10615, ZCP-10351: PHP session cache is useless and can break notifications in z-push.
- ZCP-10488, ZCP-10472: Performance improvement for php-ext queryrows.
- ZCP-10434, ZCP-10253: Apache threads are crashing.
- ZCP-10611, ZCP-10081: Navigation pane links can be unstable, or completely wrong when using offline outlook.
- ZCP-10605, ZCP-10102: Incorrect information on quota levels if company exceeds quota.
- ZCP-10580, ZCP-10349: Outlook crashes when opening permissions tab on a search folder.
- ZCP-10555, ZCP-10531: ECMessageStreamImporterIStreamAdapter::Write does not return bytes written and segfaults when NULL is passed.
- ZCP-10543: Unable to copy a store to the public store.
- ZCP-10521, ZCP-10375: Meeting requests sent by secretary to own delegate are not delivered to secretary.
- ZCP-10520, ZCP-10485: Response message from exchange does not show body.
- ZCP-10385, ZCP-8349: Zarafa-admin --enable-feature <imap|pop3> -u <username> can segfault on 32bit systems.
- ZCP-10561, ZCP-10382: Ssl-certificates.sh fails for centOS 6.3 (maybe 6.x in general?).
- ZCP-10553, ZCP-10484: Update Zarafa-fsck warning.
- ZCP-10526, ZCP-10519: Description of ZarafaCompanyServer is wrong.
- ZCP-10500: Fix corrupt mapi receipient properties in recurring agenda items.
- ZCP-10617, ZCP-10263: The message-id gets lost when forwarding email as attachment, so it will be marked as spam by some antispam solutions.
- ZCP-10478, ZCP-9837: User names with umlaut will cause empty lines in the spooler log.
- ZCP-10715, ZCP-10710: Achiver stores not always automatically opened on older created Outlook profiles.
- ZCP-10688, ZCP-9146: SSL certificate check deadlock when opening delegate user with archive on a server which presents the SSL cert dialog.
- ZCP-10667, ZCP-9760: Search for user name with umlaut in the gab will do a search with the character that are in front of the umlaut.
WebAccess
---------
- ZCP-10560, ZCP-10475: Script error in address book when trying to add a contact which is not selected.
- ZCP-10558, ZCP-10302: Script error in IE when closing new mail window.
- ZCP-10582: Timezone gmt-3 Brasilia has October 20th twice in 2012 and October 19th in 2013.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update zarafa' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 6 Update: python-sanction-0.1.4-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0394
2013-02-19 21:18:08
--------------------------------------------------------------------------------
Name : python-sanction
Product : Fedora EPEL 6
Version : 0.1.4
Release : 1.el6
URL : http://pypi.python.org/pypi/sanction
Summary : A simple, lightweight OAuth2 client
Description :
python-sanction is a lightweight, dead simple client implementation of
the OAuth2 protocol.
- Variations on OAuth2 client implementation range from a few hundred LOC
to thousands. In a Pythonic world, there's absolutely no need for this when
simply dealing with the client side of the spec. Currently, sanction sits
at a whopping 65 LOC, one class. This makes the library tremendously easy
to grok.
- Most providers have varying levels of diversion from the official spec.
The goal with this library is to either handle these diversions natively,
or expose a method to allow client code to deal with it efficiently and
effectively.
- Three of the four OAuth2 flows should be supported by this library.
Currently, only authorization code and client credential flows have been
tested due to lack of other (known) implementations.
sanction has been tested with the following OAuth2 providers:
* Facebook (include the test API)
* Google
* Foursquare
* bitly
* GitHub
* StackExchange
* Instagram
* DeviantArt
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #907583 - Review Request: python-sanction - A simple, lightweight OAuth2 client
https://bugzilla.redhat.com/show_bug.cgi?id=907583
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-sanction' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
[SECURITY] Fedora EPEL 6 Update: drupal6-ctools-1.10-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2012-13610
2012-12-01 00:32:43
--------------------------------------------------------------------------------
Name : drupal6-ctools
Product : Fedora EPEL 6
Version : 1.10
Release : 1.el6
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.
For the moment, it includes the following tools:
Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.
Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.
AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.
Form tools -- tools to make it easier for forms to deal with AJAX.
Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.
Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.
Modal dialog -- tool to make it simple to put a form in a modal dialog.
Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.
Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.
Form wizard -- an API to make multiple-step forms much easier.
CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.
--------------------------------------------------------------------------------
Update Information:
New security release, http://drupal.org/node/1841030.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #881986 - CVE-2012-5559 drupal6-ctools: XSS flaw (SA-CONTRIB-2012-165)
https://bugzilla.redhat.com/show_bug.cgi?id=881986
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update drupal6-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 6 Update: mysql-utilities-1.2.0-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0293
2013-02-09 01:07:18
--------------------------------------------------------------------------------
Name : mysql-utilities
Product : Fedora EPEL 6
Version : 1.2.0
Release : 1.el6
URL : https://launchpad.net/mysql-utilities
Summary : MySQL Utilities
Description :
The MySQL Utilities is a set of easy-to-use scripts intended to make working
with servers easier. It is part of the MySQL Workbench.
Documentation:
http://dev.mysql.com/doc/workbench/en/mysql-utilities.html
--------------------------------------------------------------------------------
Update Information:
Release 1.2.0 (Released January 26, 2013)
* BUG#13956819: MySQL Utilities requires changes for RPM packaging
* WL#6256: Change password handling
* WL#6262: Audit log parser
Release 1.1.2 (Released January 17, 2013)
* BUG#13931340: mysqluserclone should dump all users
* BUG#14712211: mysqluc fails to look for the utilities for a given utildir
* BUG#15867353: Add GTID handling to mysqldbcopy, mysqldbexport
* BUG#16010766: gtid enabled utilities need to check version of the server
* BUG#16016887: mysqldiskusage reports missing binlog
* BUG#16020953: --timeout option in mysqlfailover throws error
* BUG#16023646: mysqldbcopy cannot copy world_innodb sample database
* BUG#16023781: switchover can fail to complete if there are errors in slaves
* BUG#16035934: unused --server option in mysqldbcompare
* BUG#16037123: mysqlrplshow fails to report connection errors
* BUG#16072863: gtid-enabled utilities need better error handling
* BUG#14158371: mysqlserverinfo reports server offline on authentication error
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mysql-utilities' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
Fedora EPEL 6 Update: python-django-longerusername-0.4-2.20130204gite4e85d7d.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0299
2013-02-09 01:07:33
--------------------------------------------------------------------------------
Name : python-django-longerusername
Product : Fedora EPEL 6
Version : 0.4
Release : 2.20130204gite4e85d7d.el6
URL : https://github.com/GoodCloud/django-longer-username
Summary : Make django auth.user username field longer
Description :
django-longerusername provides a migration and a monkeypatch to make
the django auth.user username field longer, instead of the arbitrarily
short 30 characters.
It's designed to be a simple include-and-forget project that makes a
little headache go away.
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908049 - Review Request: python-django-longerusername - Make django auth.user username field longer
https://bugzilla.redhat.com/show_bug.cgi?id=908049
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-django-longerusername' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month
[SECURITY] Fedora EPEL 5 Update: drupal6-ctools-1.10-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2012-13612
2012-12-01 00:32:49
--------------------------------------------------------------------------------
Name : drupal6-ctools
Product : Fedora EPEL 5
Version : 1.10
Release : 1.el5
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.
For the moment, it includes the following tools:
Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.
Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.
AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.
Form tools -- tools to make it easier for forms to deal with AJAX.
Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.
Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.
Modal dialog -- tool to make it simple to put a form in a modal dialog.
Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.
Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.
Form wizard -- an API to make multiple-step forms much easier.
CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.
--------------------------------------------------------------------------------
Update Information:
New security release, http://drupal.org/node/1841030.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #881986 - CVE-2012-5559 drupal6-ctools: XSS flaw (SA-CONTRIB-2012-165)
https://bugzilla.redhat.com/show_bug.cgi?id=881986
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update drupal6-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 1 month