[SECURITY] Fedora Core 1 Update: neon-0.24.5-1

Mark J Cox mjc at redhat.com
Fri May 14 08:15:13 UTC 2004 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-103
2004-04-14
---------------------------------------------------------------------

Name        : neon
Version     : 0.24.5                      
Release     : 1                  
Summary     : An HTTP and WebDAV client library
Description :
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling.  neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.

---------------------------------------------------------------------
Update Information:

Multiple format string vulnerabilities in neon 0.24.4 and earlier
allow remote malicious WebDAV servers to execute arbitrary code.

Updated packages were made available in April 2004 however the original
update notification email did not make it to fedora-announce-list at
that time.

---------------------------------------------------------------------

* Wed Apr 14 2004 Joe Orton <jorton at redhat.com> 0.24.5-1

- update to 0.24.5 for CAN 2004-0179 fix

* Thu Mar 25 2004 Joe Orton <jorton at redhat.com> 0.24.4-4

- implement the Negotate auth scheme, and only over SSL

* Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>

- rebuilt

* Wed Feb 25 2004 Joe Orton <jorton at redhat.com> 0.24.4-3

- use BuildRequires not BuildPrereq, drop autoconf, libtool;
  -devel requires {openssl,zlib}-devel (#116744)

* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com> 0.24.4-2

- rebuilt

* Mon Feb 09 2004 Joe Orton <jorton at redhat.com> 0.24.4-1

- update to 0.24.4


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

f34a346e0d945707e888874699ed958a  SRPMS/neon-0.24.5-1.src.rpm
4c3c9a53a1916566c3822e5ac9eed67d  i386/neon-0.24.5-1.i386.rpm
c00098bf0548dcf7e3f8ad1db90c78e8  i386/neon-devel-0.24.5-1.i386.rpm
c6faddb460bff55de5571630324f5381  i386/debug/neon-debuginfo-0.24.5-1.i386.rpm
e192a575ff1184e7ba35326a0ba84b5c  x86_64/neon-0.24.5-1.x86_64.rpm
50d3157693574508440893e5dcf48ac3  x86_64/neon-devel-0.24.5-1.x86_64.rpm
eb12e5f3ed12849c26b949ce7c3c5aa0  x86_64/debug/neon-debuginfo-0.24.5-1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

More information about the fedora-announce-list mailing list