[SECURITY] Fedora 12 Update: couchdb-0.11.2-2.fc12

updates at fedoraproject.org updates at fedoraproject.org
Tue Sep 21 01:33:03 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13665
2010-08-27 06:13:30
--------------------------------------------------------------------------------

Name        : couchdb
Product     : Fedora 12
Version     : 0.11.2
Release     : 2.fc12
URL         : http://couchdb.apache.org/
Summary     : A document database server, accessible via a RESTful JSON API
Description :
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database accessible via a RESTful HTTP/JSON API.
Among other features, it provides robust, incremental replication
with bi-directional conflict detection and resolution, and is
queryable and indexable using a table-oriented view engine with
JavaScript acting as the default view definition language.

--------------------------------------------------------------------------------
Update Information:

Despite the fact that this is a security-related fix I would like to test these packages for a while because of possible API incompatibilities (version upgrade).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 26 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.2-2
- Cleaned up spec-file a bit
* Tue Aug 17 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.2-1
- Ver. 0.11.2
* Wed Jul 14 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.1-1
- Ver. 0.11.1
- Removed patch for compatibility with Erlang/OTP R14A (merged upstream)
* Sun Jul 11 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.0-3
- Compatibility with Erlang R14A (see patch9)
* Tue Jun 22 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.0-2
- Massive spec cleanup
* Fri Jun 18 2010 Peter Lemenkov <lemenkov at gmail.com> 0.11.0-1
- Ver. 0.11.0 (a feature-freeze release candidate)
* Fri Jun 18 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-13
- Remove ldconfig invocation (no system-wide shared libraries)
- Removed icu-config requires
* Tue Jun 15 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-12
- Narrow explicit requires
* Tue Jun  8 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-11
- Remove bundled ibrowse library (see rhbz #581282).
* Mon Jun  7 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-10
- Use system-wide erlang-mochiweb instead of bundled copy (rhbz #581284)
- Added %check target and necessary BuildRequires - etap, oauth, mochiweb
* Wed Jun  2 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-9
- Remove pid-file after stopping CouchDB
* Tue Jun  1 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-8
- Suppress unneeded message while stopping CouchDB via init-script
* Mon May 31 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-7
- Do not manually remove pid-file while stopping CouchDB
* Mon May 31 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-6
- Fix 'stop' and 'status' targets in the init-script (see rhbz #591026)
* Thu May 27 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-5
- Use system-wide erlang-etap instead of bundled copy (rhbz #581281)
* Fri May 14 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-4
- Use system-wide erlang-oauth instead of bundled copy (rhbz #581283)
* Thu May 13 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-3
- Fixed init-script to use /etc/sysconfig/couchdb values (see rhbz #583004)
- Fixed installation location of beam-files (moved to erlang directory)
* Fri May  7 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-2
- Remove useless BuildRequires
* Fri May  7 2010 Peter Lemenkov <lemenkov at gmail.com> 0.10.2-1
- Update to 0.10.2 (resolves rhbz #578580 and #572176)
- Fixed chkconfig priority (see rhbz #579568)
* Fri Apr  2 2010 Caolán McNamara <caolanm at redhat.com> 0.10.0-3
- rebuild for icu 4.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627498 - CVE-2010-2953 couchdb: start-up script sets insecure LD_LIBRARY_PATH
        https://bugzilla.redhat.com/show_bug.cgi?id=627498
  [ 2 ] Bug #624764 - CVE-2010-2234 couchdb: CSRF vulnerability in versions prior to 0.11.2/1.0.1
        https://bugzilla.redhat.com/show_bug.cgi?id=624764
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update couchdb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list