
Security vulnerability in the Sphinx software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2019-9231a18768
2019-09-14 01:11:50.073054
——————————————————————————–

Name : sphinx
Product : Fedora 30
Version : 2.2.11
Release : 12.fc30
URL : http://sphinxsearch.com
Summary : Free open-source SQL full-text search engine
Description :
Sphinx is a full-text search engine, distributed under GPL version 2.
Commercial licensing (e.g. for embedded use) is also available upon request.

Generally, it’s a standalone search engine, meant to provide fast,
size-efficient and relevant full-text search functions to other
applications. Sphinx was specially designed to integrate well with SQL
databases and scripting languages.

Currently built-in data source drivers support fetching data either via
direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML
format. Adding new drivers (e.g. native support other DBMSes) is
designed to be as easy as possible.

Search API native ported to PHP, Python, Perl, Ruby, Java, and also
available as a plug-gable MySQL storage engine. API is very lightweight so
porting it to new language is known to take a few hours.

As for the name, Sphinx is an acronym which is officially decoded as SQL
Phrase Index. Yes, I know about CMU’s Sphinx project.

——————————————————————————–
Update Information:

Security fix for CVE-2019-14511
——————————————————————————–
ChangeLog:

* Thu Sep 5 2019 Ben Cotton <bcotton@fedoraproject.org> – 2.2.11-12
– Listen only on localhost (CVE-2019-14511, rhbz#1749190)
——————————————————————————–
References:

[ 1 ] Bug #1749188 – CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1749188
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9231a18768' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-bdadf4c6f5
2019-09-14 01:53:52.304211
——————————————————————————–

Name : sphinx
Product : Fedora 29
Version : 2.2.11
Release : 12.fc29
URL : http://sphinxsearch.com
Summary : Free open-source SQL full-text search engine
Description :
Sphinx is a full-text search engine, distributed under GPL version 2.
Commercial licensing (e.g. for embedded use) is also available upon request.

Generally, it’s a standalone search engine, meant to provide fast,
size-efficient and relevant full-text search functions to other
applications. Sphinx was specially designed to integrate well with SQL
databases and scripting languages.

Currently built-in data source drivers support fetching data either via
direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML
format. Adding new drivers (e.g. native support other DBMSes) is
designed to be as easy as possible.

Search API native ported to PHP, Python, Perl, Ruby, Java, and also
available as a plug-gable MySQL storage engine. API is very lightweight so
porting it to new language is known to take a few hours.

As for the name, Sphinx is an acronym which is officially decoded as SQL
Phrase Index. Yes, I know about CMU’s Sphinx project.

——————————————————————————–
Update Information:

Security fix for CVE-2019-14511
——————————————————————————–
ChangeLog:

* Thu Sep 5 2019 Ben Cotton <bcotton@fedoraproject.org> – 2.2.11-12
– Listen only on localhost (CVE-2019-14511, rhbz#1749190)
* Thu Feb 14 2019 Orion Poplawski <orion@nwra.com> – 2.2.11-11
– Revert incorrect use of _tmpfiledir rhbx#1551735
* Sun Feb 3 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.2.11-10
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1749188 – CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=1749188
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-bdadf4c6f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
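
The changelog entry "Listen only on localhost" can be checked against a deployed configuration. The following is an added example, not part of the Fedora advisories or the Sphinx package: it audits the `listen` directives of the `searchd` section and reports those reachable from the network. The function names and the sample configuration are constructed for illustration; the `listen` forms (port, address:port, optional protocol suffix, UNIX socket path) follow the Sphinx documentation.

```python
import ipaddress
import re

# Constructed sample; a real file is typically /etc/sphinx/sphinx.conf.
SAMPLE_CONF = """\
searchd
{
    listen = 9312                     # bare port: every interface
    listen = 127.0.0.1:9306:mysql41   # loopback only
    listen = 0.0.0.0:9307
    listen = /var/run/sphinx/searchd.sock
    listen = 192.0.2.10:9312:sphinx
}
"""

def classify(value):
    """Return 'unix', 'loopback', 'all' or 'external' for one listen value."""
    if value.startswith("/"):
        return "unix"
    host = value.split(":")[0]      # drop port and protocol suffix
    if host.isdigit():              # port with no address binds every interface
        return "all"
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"           # other hostname: treat as reachable
    if ip.is_unspecified:
        return "all"
    return "loopback" if ip.is_loopback else "external"

def audit(conf_text):
    """List (value, kind) for every searchd listen directive exposed to the network."""
    findings, in_searchd, seen = [], False, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if re.fullmatch(r"searchd\s*\{?", line):
            in_searchd = True
        elif line.startswith("}"):
            in_searchd = False
        elif in_searchd and (m := re.match(r"listen\s*=\s*(\S+)", line)):
            seen = True
            if (kind := classify(m.group(1))) in ("all", "external"):
                findings.append((m.group(1), kind))
    if not seen:  # assumption: without a listen line searchd binds all interfaces
        findings.append(("<no listen directive>", "all"))
    return findings
```

An empty result from `audit()` means every listener is loopback or a UNIX socket, which matches the state the updated package is meant to enforce.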

Author: Josip Papratovic
CERT ID: NCERT-REF-2019-09-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe