drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in BackupPC
Name: |
Cross-Site Scripting in BackupPC |
|
ID: |
FEDORA-2012-0826 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 15 |
|
Datum: |
Do, 2. Februar 2012, 08:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3361 |
|
Applikationen: |
BackupPC |
|
Originalnachricht |
Name : BackupPC Product : Fedora 15 Version : 3.2.1 Release : 7.fc15 URL : http://backuppc.sourceforge.net/ Summary : High-performance backup system Description : BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX and Mac OS X PCs and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.
------------------------------------------------------------------------------- - Update Information:
- change %%{_sharedstatedir} to %%{_localstatedir}/lib as these expand
differently on EL (bz #767719)
- fix XSS vulnerability (bz #749846, bz #749847, bz #749848) CVE-2011-3361
- additional documentation about enabling correct channels in RHEL to resolve
all dependencies (bz #749627)
- fix bug with missing tmpfiles.d directory
- add perl(Digest::MD5) to list of build and install dependencies ------------------------------------------------------------------------------- - ChangeLog:
* Sun Jan 22 2012 Bernard Johnson <bjohnson@symetrix.com> - 3.2.1-7 - change %{_sharedstatedir} to %{_localstatedir}/lib as these expand differently on EL (bz #767719) - fix XSS vulnerability (bz #749846, bz #749847, bz #749848) CVE-2011-3361 - additional documentation about enabling correct channels in RHEL to resolve all dependencies (bz #749627) - fix bug with missing tmpfiles.d directory - add perl(Digest::MD5) to list of build and install dependencies * Wed Sep 21 2011 Bernard Johnson <bjohnson@symetrix.com> - 3.2.1-6 - fix postun scriptlet error (bz #736946) - make postun scriptlet more coherent - change selinux context on log files to httpd_log_t and allow access to them (bz #730704) * Fri Aug 12 2011 Bernard Johnson <bjohnson@symetrix.com> - 3.2.1-4 - change macro conditionals to include tmpfiles.d support starting at Fedora 15 (bz #730053) - change install lines to preserve timestamps * Fri Jul 8 2011 Bernard Johnson <bjohnson@symetrix.com> - 3.2.1-1 - v 3.2.1 - add lower case script URL alias for typing impaired - cleanup selinux macros - spec cleanup - make samba dependency on actual files required to EL5 can use samba-client or samba3x-client (bz #667479) - unbundle perl(Net::FTP::AutoReconnect) and perl(Net::FTP::RetrHandle) - remove old patch that is no longer needed - attempt to make sure $Conf{TopDir} is listed in updatedb PRUNEPATHS, otherwise at least generate a warning on statup (bz #554491) - move sockets to /var/run (bz #719499) - add support for systemd starting at F16 (bz #699441) - patch to move pid dir under /var/run - unbundle Net::FTP::* - add support for tmpfiles.d ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #767719 - /etc/updatedb.conf entry error https://bugzilla.redhat.com/show_bug.cgi?id=767719 [ 2 ] Bug #749846 - BackupPC: XSS in View.pm [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=749846 [ 3 ] Bug #749847 - BackupPC: XSS in View.pm [epel-5] https://bugzilla.redhat.com/show_bug.cgi?id=749847 [ 4 ] Bug #749848 - BackupPC: XSS in View.pm [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=749848 [ 5 ] Bug #749627 - BackupPC install documentation for RHEL/EPEL needs update. https://bugzilla.redhat.com/show_bug.cgi?id=749627 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update BackupPC' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|