For full changes, please refer:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
Here is summary for security fixes:
* Security Fix: During evaluation of arguments to extreme-value
functions (such as LEAST() and GREATEST()), type errors did not
propagate properly, causing the server to crash. (Bug#55826)
* Security Fix: The server could crash after materializing a derived
table that required a temporary table for grouping. (Bug#55568)
* Security Fix: A user-variable assignment expression that is
evaluated in a logical expression context can be precalculated in a
temporary table for GROUP BY. However, when the expression value is
used after creation of the temporary table, it was re-evaluated, not
read from the table and a server crash resulted. (Bug#55564)
* Security Fix: Pre-evaluation of LIKE predicates during view
preparation could cause a server crash. (Bug#54568)
* Security Fix: GROUP_CONCAT() and WITH ROLLUP together could cause a
server crash. (Bug#54476)
* Security Fix: Queries could cause a server crash if the GREATEST()
or LEAST() function had a mixed list of numeric and LONGBLOB
arguments, and the result of such a function was processed using an
intermediate temporary table. (Bug#54461)
* Security Fix: Queries with nested joins could cause an infinite loop
in the server when used from stored procedures and prepared
statements. (Bug#53544)
* Security Fix: The PolyFromWKB() function could crash the server when
improper WKB data was passed to the function. (Bug#51875)
Dear TYPO3 community,
The TYPO3 core team has just released TYPO3 versions 4.2.15,
4.3.7 and 4.4.4, which are now ready for you to download. All versions
are maintenance releases and contain bugfixes and security fixes.
IMPORTANT:
These versions include important security fixes to the TYPO3 core. A
security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
pkg-vulnerabilities.
Changes since 1.6.3:
This is a monthly bugfix release.
* archive: set date to 1980 for very old zip files
* bookmarks: fix _bookmarks/lookup() reentrancy issue (issue2016)
* color: add win32 support for non-black background
* context: fix filectx.undelete() (issue2388)
* convert/darcs: handle non-ASCII metadata in darcs changelog (issue2354)
* convert/svn: fix broken symlink renames in svn sink
* core: use lexists() instead of exists() where appropriate
* hgweb: Fix memory leak when using hg commands over http repositories
* hgweb: correct Content-Type header values for archive downloads
* log: include unmodified-in-merge files in log diff/stat (issue2383)
* mq: always require --force when pushing patches (issue2363)
* patch: do not overwrite broken untracked symlinks
* patch: fix rename text to binary file (issue2400)
* patch: fix target when patching broken symlinks (issue2368)
* patch: upgrade to git patch when removing binary file
* rename: do not overwrite existing broken symlinks
* url: verify correctness of https server certificates (issue2407)
* util: avoid using hashlib on Python < 2.5 (issue2278)
* verify: fix "missing revlog!" errors for revlog format v0 and add test
* win32: add Emacs scripts to Inno Setup installer
* win32: add hgweb scripts to Inno Setup installer
(bugfixes only).
Changelog for Dovecot 1.2.15:
* acl: Fixed the logic of merging multiple ACL entries. Now it works as
documented, while previously it could have done slightly different
things depending on the order of the entries.
For details see http://www.dovecot.org/list/dovecot/2010-October/053452.html
* acl: Don't give admin rights to all owner mailboxes. This was
originally done to make sure that mailbox owner couldn't accidentally
remove their own admin rights. But this is already prevented by
SETACL command, so it's not necessary. Also sysadmin may have
intentionally removed some admin rights from some mailboxes
(especially when using symlinked shared mailboxes).
- Maildir: Fixed potential "Duplicate file entry" in dovecot-uidlist
file errors.
- Maildir: Avoid unnecessary uidlist recreation during mail delivery.
- imap: When SELECT fails, it didn't close the previous mailbox.
- Dovecot master process could have died if it got SIGCHLD signals
very rapidly while it was trying to log. This could have happened
for example if a lot of imap/pop3 sessions disconnected at the exact
same time.
Changelog for Sieve 0.1.18:
- Imap4flags: fixed segfault bug occuring in multiscript context.
Occured in specific situations when a script using imap4flags was
followed in the sequence by scripts not using imap4flags.
- Imap4flags: fixed bug in setflag command; when parameter was a
stringlist, only the last item was actually set.
- Prevented assertion failure due to currupt binary string
representation. If the string were missing a final \0 character an
assertion was produced in stead of a binary corruption error.
- Multiscript: fixed duplicate implicit keep caused by erroneous
execution state update.
- Fixed Sieve script name checking to properly handle length limit
and added 0x00ff as invalid character.
- Removed spurious old stdio.h (top) includes; these caused compile
issues on specific systems.
- Fixed default Sieve capability (as reported by ManageSieve): extra
extensions spamtest, spamtestplus and virustest were enabled by
default. These should, however, only be enabled when properly
configured and there is no default configuration.
- Variables extension: fixed :length set modifier to recognize utf8
characters in stead of octets.
- Fixed unnecessary reporting of dummy extensions in ManageSieve
SIEVE capability; the comparator-i;octet and
comparator-i;ascii-numeric 'extensions' were reported explicitly.
- LDA Sieve plugin: added _version symbol to enable Dovecot's plugin
version check. Without this check, people can forget to recompile
the plugin, which can lead to unexpected effects.
Changelog for ManageSieve 0.11.12:
- Fixed error handling of PUTSCRIPT commmand; save commit errors
would not make the command fail.
- Fixed PUTSCRIPT bug causing it to hang when given an empty script
name.
-------------
- Fix space-stuffing in format=flowed messages (#1487018)
- Fix msgexport.sh now using the new imap wrapper
- Avoid displaying password on shell (#1486947)
- Only lower-case user name if first login attempt failed (#1486393)
- Make alias setting in squirrelmail_usercopy plugin configurable (patch by pomm
i, #1487007)
- Prevent from saving a non-existing skin path in user prefs (#1486936)
- Improve handling of single-part messages with bogus BODYSTRUCTURE (#1486898)
- Fix path to SQL files when using pgsql/mysqli/sqlsrv drivers (#1486902)
- Fix upgrade script for SQLite (#1486903)
- Fixes in SQL init script + added update script for MSSQL database
- Remove redundant date in syslog messages (#1486945)
- Fix contacts list page controls when a group is selected (#1486946)
- Fix SMTP test in Installer (#1486952)
- Fix "Select all" causes message to be opened in folder with exactly one messag
e (#1486913)
- Fix Tab key doesn't work in HTML editor in Google Chrome (#1486925)
- Fix TinyMCE uses zh_CN when zh_TW locale is set (#1486929)
- Fix TinyMCE buttons are hidden in Opera (#1486922)
- Fix JS error on IE when trying to send HTML message with enabled spellchecker
(#1486940)
- Display inline images with known extensions and non-image content-type (#14869
34)
- Fix "Threaded" checkbox after subfolder creation (#1486928)
- Fix timezone string in sent mail (#1486961)
- Show disabled checkboxes for protected folders instead of dots (#1485498)
- Added fieldsets in Identity form, added 'identity_form' hook
- Re-added 'Close' button in upload form (#1486930, #1486823)
- Fix handling of charsets with LATIN-* label
- Fix messages background image handling in some cases (#1486990)
- Fix format=flowed handling (#1486989)
- Fix when IMAP connection fails in 'get' action session shouldn't be destroyed
(#1486995)
- Fix list_cols is not updated after column dragging (#1486999)
- Support %z variable in host configuration options (#1487003)
Oked by wiz@
