[SECURITY] Fedora 20 Update: zarafa-7.1.12-2.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Jun 5 23:41:43 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8479
2015-05-19 11:37:55
--------------------------------------------------------------------------------

Name        : zarafa
Product     : Fedora 20
Version     : 7.1.12
Release     : 2.fc20
URL         : http://www.zarafa.com/
Summary     : Open Source Edition of the Zarafa Collaboration Platform
Description :
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The
Open Source Collaboration provides an integration with your existing Linux
mail server, native mobile phone support by ActiveSync compatibility and a
webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an
IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open
Source Collaboration can combine the usability with the stability and the
flexibility of a Linux server.

The proven Zarafa groupware solution is using MAPI objects, provides a MAPI
client library as well as programming interfaces for C++, PHP and Python.
The other Zarafa related packages need to be installed to gain all features
and benefits of the Zarafa Collaboration Platform (ZCP).

--------------------------------------------------------------------------------
Update Information:

- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-2
- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151)
* Tue Apr  7 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-1
- Upgrade to 7.1.12
- Added multiple minor enhancement and bugfix patches
- Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618)
- Handle "su" option in logrotate >= 3.8.0 to avoid errors
* Sat Oct 25 2014 Kevin Kofler <Kevin at tigcc.ticalc.org> 7.1.11-2
- Rebuild for reference-counting-enabled clucene09
* Wed Oct 15 2014 Robert Scheck <robert at fedoraproject.org> 7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon <dtardon at redhat.com> - 7.1.10-5
- rebuild for ICU 53.1
* Mon Aug 25 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-4
- Fixed multiple incorrect default permissions (#1133439)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-3
- Rebuild for gSOAP 2.8.17
* Fri Jul 11 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-2
- Added a workaround to really support MariaDB (#995870)
- Re-added a patch to allow building without zarafa-search
* Sun Jun 29 2014 Robert Scheck <robert at fedoraproject.org> 7.1.10-1
- Upgrade to 7.1.10
* Fri Jun 20 2014 Remi Collet <rcollet at redhat.com> - 7.1.9-2.1
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1.9-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Petr Machata <pmachata at redhat.com> - 7.1.9-2
- Rebuild for boost 1.55.0
* Thu May  1 2014 Robert Scheck <robert at fedoraproject.org> 7.1.9-1
- Upgrade to 7.1.9
* Fri Feb 21 2014 Robert Scheck <robert at fedoraproject.org> 7.1.8-3
- Upgrade to 7.1.8 (re-released)
* Fri Feb 14 2014 Parag Nemade <paragn AT fedoraproject DOT org> - 7.1.8-2
- Rebuild for icu 52
* Thu Jan 30 2014 Robert Scheck <robert at fedoraproject.org> 7.1.8-1
- Upgrade to 7.1.8 (#1056767, #1059903)
* Sun Dec  8 2013 Robert Scheck <robert at fedoraproject.org> 7.1.7-1
- Upgrade to 7.1.7 (#1008068)
- Added dependency from gateway and spooler to python-MAPI
- Added requirements to virtual libvmime ABI/API provides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222151 - CVE-2015-3436 zarafa: Overwrite arbitrary files in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1222151
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update zarafa' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list