Fedora 10: 2009-11062 Critical CUPS XSS Fix and Update Information

* Tue Nov 10 2009 Tim Waugh 1:1.3.11-2 - Added fix for CVE-2009-2820 (bug #529833). * Tue Nov 3 2009 Tim Waugh 1:1.3.11-1 - 1.3.11. * Tue Nov 3 2009 Tim Waugh 1:1.3.10-7 - Removed stale patch from STR #2831 which was causing problems with number-up (bug #532516). * Tue Oct 20 2009 Jiri Popelka 1:1.3.10-6 - Fix cups-lpd to create unique temporary data files (bug #529838, STR #3382). * Wed May 6 2009 Tim Waugh 1:1.3.10-5 - Restart cupsd if "ServerAlias *" is added to cupsd.conf (bug #497354). - Ship "ServerAlias *" in cupsd.conf.default configuration file as well (bug #498884). * Mon Apr 27 2009 Tim Waugh 1:1.3.10-4 - Adjust cupsd.conf by adding "ServerAlias *" automatically on upgrade (part of bug #497301). The default cupsd.conf now includes this line as well. * Sun Apr 26 2009 Tim Waugh 1:1.3.10-2 - Accept "Host: ::1" (bug #497393). - Accept Host: fields set to the ServerName value (bug #497301). - Temporarily relax requirement to have printer-uri attribute in IPP-Get-Jobs request (bug #497519). * Tue Apr 21 2009 Tim Waugh 1:1.3.10-1 - 1.3.10. No longer need ext, includeifexists, str2988, CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches. - Requires poppler-utils. - NOTE: If your CUPS server is accessed using a hostname or hostnames not known to the server itself you must add "ServerAlias hostname" for each such name. The special line "ServerAlias *" disables checking (but this allows DNS rebinding attacks). * Mon Mar 9 2009 Tim Waugh 1:1.3.9-9 - Fixed getnameddest patch (bug #481481, STR #3082). - Handle https:// device URIs (bug #478677, STR #3122). * Wed Jan 28 2009 Tim Waugh 1:1.3.9-8 - Always supply document-name when printing a file (STR #3055). - Load MIME type rules correctly (bug #426089, STR #3059). * Wed Jan 28 2009 Tim Waugh 1:1.3.9-7 - Fixed quotas (STR #3077, STR #3078). * Tue Dec 9 2008 Tim Waugh 1:1.3.9-6 - Attempt to unbreak the fix for STR #2831 (bug #474742). * Mon Dec 8 2008 Tim Waugh 1:1.3.9-5 - Removed dnssd backend as it was causing problems (bug #475230). * Wed Dec 3 2008 Tim Waugh 1:1.3.9-4 - Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286, CVE-2008-1722). - Applied patch to fix RSS subscription limiting (bug #473901, CVE-2008-5183). - Fixed cups-polld again for res_init (STR #3023, bug #354071). - Added patch to avoid polling busy loop (STR #2988). * Thu Oct 30 2008 Tim Waugh 1:1.3.9-3 - Fixed LSPP labels (bug #468442).