Fedora 20 Update: pki-core-10.1.2-4.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15401
2014-11-19 15:13:18
--------------------------------------------------------------------------------
Name : pki-core
Product : Fedora 20
Version : 10.1.2
Release : 4.fc20
URL : http://pki.fedoraproject.org/
Summary : Certificate System - PKI Core Components
Description :
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps-tomcat
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Data Recovery Manager (DRM)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
For deployment purposes, PKI Core contains fundamental packages
required by BOTH native-based Apache AND java-based Tomcat
Certificate System instances consisting of the following components:
* pki-tools
Additionally, PKI Core contains the following fundamental packages
required ONLY by ALL java-based Tomcat Certificate System instances:
* pki-symkey
* pki-base
* pki-tools
* pki-server
PKI Core also includes the following components:
* pki-javadoc
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
  * dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
  * redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
  * <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages.
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #1151147 - issuerDN encoding correction
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2014 Endi S. Dewata <edewata(a)redhat.com> 10.1.2-4
- Bugzilla Bug #1151147 - issuerDN encoding correction
- Bumped release number to match RHEL
* Fri Sep 19 2014 Matthew Harmsen <mharmsen(a)redhat.com> 10.1.2-2
- Bugzilla Bug #1108303 - Rebase pki-core to 10.1 (RHEL)
- Bugzilla Bug #1117073 - pki-core ppc64le is missing from ExcludeArch line
of spec file (RHEL)
- Bumped required runtime version of tomcat >= 7.0.54 (RHEL)
- Changed buildtime requirement from 'resteasy-base-jackson-provider >= 3.0.6-1'
to 'resteasy-base-jettison-provider >= 3.0.6-1' (RHEL)
- Added version number of '>= 3.0.6-1' to runtime requirements for all
'resteasy-base' packages (RHEL)
* Thu Sep 18 2014 Ade Lee <alee(a)redhat.com> 10.1.2-1
- Backport fix for ticket 499
- Bump version to ensure migration scripts are run
* Thu Sep 11 2014 Matthew Harmsen <mharmsen(a)redhat.com> 10.1.1-2
- Add missing 'jakarta-commons-httpclient' build and runtime requirement
- Exclude the 'ppcle' and 'ppc64le' platforms from being built on RHEL platforms
- Update 'resteasy-base' requirements on RHEL platforms
- Suppress pylint on RHEL platforms
* Fri Mar 21 2014 Matthew Harmsen <mharmsen(a)redhat.com> 10.1.1-1
- PKI TRAC Ticket #840 - pkispawn requires policycoreutils-python (mharmsen)
- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python (mharmsen)
- PKI TRAC Ticket #868 - REST API get certs links missing segment
(alee, mharmsen)
- PKI TRAC Ticket #869 - f19 ipa-server-install fails at step 6/22 of cert sys
install - systemctl start pki-tomcatd.target fails
(mharmsen)
- PKI TRAC Ticket #816 - pki-tomcat cannot be started after installation of
ipa replica with ca
(alee, cfu, edewata, mharmsen)
- Updated version number.
* Wed Jan 29 2014 Matthew Harmsen <mharmsen(a)redhat.com> 10.1.0-2
- Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
- TRAC Ticket #840 - pkispawn requires policycoreutils-python
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151147 - External CA install does not work with CA certificates signed by Microsoft Certificate Services
https://bugzilla.redhat.com/show_bug.cgi?id=1151147
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pki-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 19 Update: php-solarium-3.3.0-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15462
2014-11-20 22:03:21
--------------------------------------------------------------------------------
Name : php-solarium
Product : Fedora 19
Version : 3.3.0
Release : 1.fc19
URL : http://www.solarium-project.org/
Summary : Solarium PHP Solr client library
Description :
Solarium is a PHP Solr client library that accurately models Solr concepts.
Where many other Solr libraries only handle the communication with Solr,
Solarium also relieves you of handling all the complex Solr query parameters
using a well documented API.
Documentation: http://wiki.solarium-project.org/
--------------------------------------------------------------------------------
Update Information:
See https://github.com/basdenooijer/solarium/issues/294
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-solarium' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 20 Update: python-pyroute2-0.3.2-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15481
2014-11-20 22:04:15
--------------------------------------------------------------------------------
Name : python-pyroute2
Product : Fedora 20
Version : 0.3.2
Release : 1.fc20
URL : https://github.com/svinota/pyroute2
Summary : Pure Python netlink library
Description :
PyRoute2 provides several levels of API to work with Netlink
protocols, such as Generic Netlink, RTNL, TaskStats, NFNetlink,
IPQ.
--------------------------------------------------------------------------------
Update Information:
Update to 0.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2014 Peter V. Saveliev <peter(a)svinota.eu> 0.3.2-1
- Update to 0.3.2
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Mar 18 2014 Jiri Pirko <jpirko(a)redhat.com> - 0.2.7-1
- Update to 0.2.7
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-pyroute2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 20 Update: gettext-0.18.3.2-3.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-14790
2014-11-13 16:46:13
--------------------------------------------------------------------------------
Name : gettext
Product : Fedora 20
Version : 0.18.3.2
Release : 3.fc20
URL : http://www.gnu.org/software/gettext/
Summary : GNU libraries and utilities for producing multi-lingual messages
Description :
The GNU gettext package provides a set of tools and documentation for
producing multi-lingual messages in programs. Tools include a set of
conventions about how programs should be written to support message
catalogs, a directory and file naming organization for the message
catalogs, a runtime library which supports the retrieval of translated
messages, and stand-alone programs for handling the translatable and
the already translated strings. Gettext provides an easy to use
library and tools for creating, using, and modifying natural language
catalogs and is a powerful and simple method for internationalizing
programs.
--------------------------------------------------------------------------------
Update Information:
add missing autoconf dependency to -devel, for autopoint
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 13 2014 Daiki Ueno <dueno(a)redhat.com> - 0.18.3.2-3
- add autoconf requirement to -devel for autopoint (#1161554)
* Fri Oct 10 2014 Daiki Ueno <dueno(a)redhat.com> - 0.18.3.2-2
- apply patch to avoid autopoint infinite recursion (#1151238)
* Tue Jan 7 2014 Daiki Ueno <dueno(a)redhat.com> - 0.18.3.2-1
- update to 0.18.3.2 release
- apply patch to suppress -Wformat-security warnings in gnulib-tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1161554 - gettext-devel provides autopoint which requires autoconf but no rpm dependency is present
https://bugzilla.redhat.com/show_bug.cgi?id=1161554
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gettext' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 20 Update: libdigidocpp-3.9.0.1237-2.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15492
2014-11-20 22:04:42
--------------------------------------------------------------------------------
Name : libdigidocpp
Product : Fedora 20
Version : 3.9.0.1237
Release : 2.fc20
URL : http://www.ria.ee
Summary : Library for creating and validating BDoc and DDoc containers
Description :
libdigidocpp is a C++ library for reading, validating, and creating BDoc and
DDoc containers. These file formats are widespread in Estonia where they are
used for storing legally binding digital signatures.
--------------------------------------------------------------------------------
Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.9.0.1237-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 3 2014 Mihkel Vain <mihkel(a)fedoraproject.org> - 3.9.0.1237-1
- New upstream release
- Create a separate sub-package for docs
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.8.0.1208-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 18 2014 Mihkel Vain <mihkel(a)fedoraproject.org> - 3.8.0.1208-3
- Fix typo: ppython-digidoc -> python-digidoc
* Wed Apr 30 2014 Mihkel Vain <mihkel(a)fedoraproject.org> - 3.8.0.1208-2
- Use cmake macro
- Obsolete old subpackages
* Thu Apr 24 2014 Mihkel Vain <mihkel(a)fedoraproject.org> - 3.8.0.1208-1
- First package based on new source code from RIA
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libdigidocpp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 20 Update: erlang-R16B-03.9.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15394
2014-11-19 15:12:56
--------------------------------------------------------------------------------
Name : erlang
Product : Fedora 20
Version : R16B
Release : 03.9.fc20
URL : http://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.
--------------------------------------------------------------------------------
Update Information:
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 17 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.9
- Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Tue Nov 11 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.8
- Trimmed dependency chain
- Cleaned up spec-file
* Wed Jun 11 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.7
- Added missing template for epmd@.socket
* Fri Jun 6 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.6
- Add configurable EPMD socket unit
- Change EPMD service's type from simple to notify
* Wed Apr 2 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.5
- Improve EPMD service
* Fri Mar 28 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.4
- Create group and user for EPMD
* Thu Mar 27 2014 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.3
- Ver. R16B03-1 (Bugfix release)
- Enabled systemd support in EPMD
* Fri Feb 7 2014 Sam Kottler <skottler(a)fedoraproject.org> - R16B-03.2
- Fix macro usage for EPEL7 build and added need_bootstrap
* Tue Dec 24 2013 Peter Lemenkov <lemenkov(a)gmail.com> - R16B-03.1
- Ver. R16B03
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1059331 - CVE-2014-1693 erlang-inets: command injection flaw in FTP module
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update erlang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 20 Update: curl-7.32.0-16.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15706
2014-11-25 14:37:56
--------------------------------------------------------------------------------
Name : curl
Product : Fedora 20
Version : 7.32.0
Release : 16.fc20
URL : http://curl.haxx.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:
- allow to use TLS 1.1 and TLS 1.2 (#1153814)
- disable libcurl-level downgrade to SSLv3 (#1166567)
- low-speed-limit: avoid timeout flood (#1166239)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 24 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-16
- allow to use TLS 1.1 and TLS 1.2 (#1153814)
- disable libcurl-level downgrade to SSLv3 (#1166567)
- low-speed-limit: avoid timeout flood (#1166239)
* Wed Nov 5 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-15
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)
* Tue Oct 21 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-14
- fix a connection failure when FTPS handle is reused
* Wed Sep 10 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-13
- use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
- reject incoming cookies set for top level domains (CVE-2014-3620)
* Wed Jul 30 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-12
- fix endless loop with GSSAPI proxy auth (patches by David Woodhouse, #1118751)
* Mon Jun 2 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-11
- acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (#1098711)
* Sat May 10 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-10
- extend URL parser to support IPv6 zone identifiers (#680996)
- auth failure on duplicated 'WWW-Authenticate: Negotiate' header (#1093348)
* Fri Apr 25 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-9
- nss: implement non-blocking SSL handshake
* Wed Mar 26 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-8
- fix connection re-use when using different log-in credentials (CVE-2014-0138)
* Mon Mar 17 2014 Paul Howarth <paul(a)city-fan.org> 7.32.0-7
- add all perl build requirements for the test suite, in a portable way
* Wed Mar 5 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-6
- avoid spurious failure of test1086 on s390(x) koji builders (#1072273)
* Tue Feb 25 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-5
- refresh expired cookie in test172 from upstream test-suite (#1068967)
- use proxy name in error messages when proxy is used (#1066484)
* Fri Jan 31 2014 Kamil Dudka <kdudka(a)redhat.com> 7.32.0-4
- re-use of wrong HTTP NTLM connection in libcurl (CVE-2014-0015)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS
https://bugzilla.redhat.com/show_bug.cgi?id=1154941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update curl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 19 Update: quiterss-0.17.1-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15406
2014-11-19 15:13:39
--------------------------------------------------------------------------------
Name : quiterss
Product : Fedora 19
Version : 0.17.1
Release : 1.fc19
URL : http://code.google.com/p/quite-rss/
Summary : RSS/Atom aggregator
Description :
Qt-based RSS/Atom aggregator.
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.17.1-1
- Version bump
* Tue Sep 23 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.17.0-1
- Version bump
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 21 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.16.1-1
- Version bump
* Fri Jun 13 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.16.0-1
- Version bump
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.15.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Apr 19 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.15.4-1
- Version bump
* Thu Mar 20 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.15.2-1
- Version bump
* Fri Jan 31 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.14.3-1
- Version bump
* Fri Jan 3 2014 TI_Eugene <ti.eugene(a)gmail.com> - 0.14.2-1
- Version bump
* Sun Dec 8 2013 TI_Eugene <ti.eugene(a)gmail.com> - 0.14.1-1
- Version bump
- phonon-devel BR added
* Sat Nov 16 2013 TI_Eugene <ti.eugene(a)gmail.com> - 0.14.0-1
- Version bump
* Sat Aug 31 2013 TI_Eugene <ti.eugene(a)gmail.com> - 0.13.3-1
- Version bump
* Wed Jul 31 2013 TI_Eugene <ti.eugene(a)gmail.com> - 0.13.2-1
- Version bump
* Mon Jul 1 2013 TI_Eugene <ti.eugene(a)gmail.com> - 0.13.1-1
- Version bump
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update quiterss' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 19 Update: python-fedmsg-genacls-0.4-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-14781
2014-11-12 01:27:11
--------------------------------------------------------------------------------
Name : python-fedmsg-genacls
Product : Fedora 19
Version : 0.4
Release : 1.fc19
URL : http://pypi.python.org/pypi/fedmsg_genacls
Summary : A fedmsg consumer that sets gitosis acls in response to pkgdb messages
Description :
An example of using fedmsg to monitor pkgdb for messages, but delaying action
for a few seconds to accumulate messages and avoid pile-up.
--------------------------------------------------------------------------------
Update Information:
Respond appropriately to more triggers.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-fedmsg-genacls' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.12-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15538
2014-11-22 11:35:10
--------------------------------------------------------------------------------
Name : phpMyAdmin
Product : Fedora 20
Version : 4.2.12
Release : 1.fc20
URL : http://www.phpmyadmin.net/
Summary : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.
Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes, create, copy,
drop, rename and alter databases, tables, fields and indexes, maintenance
server, databases and tables, with proposals on server configuration, execute,
edit and bookmark any SQL-statement, even batch-queries, manage MySQL users
and privileges, manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers,
creating PDF graphics of your database layout, creating complex queries using
Query-by-example (QBE), searching globally in a database or a subset of it,
transforming stored data into any format using a set of predefined functions,
like displaying BLOB-data as image or download-link and much more...
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.2.12.0 (2014-11-20)
================================
- Blank/white page when JavaScript disabled
- Multi row actions cause full page reloads
- ReferenceError: targeurl is not defined
- Incorrect text/icon display in Tracking report
- Recordset return from procedure display nothing
- Edit dialog for routines is too long for smaller displays
- JavaScript error after moving a column
- Issue with long comments on table columns
- Input field unnecessarily selected on focus
- Exporting selected rows exports all rows of the query
- No insert statement produced in SQL export for queries with alias
- Field disabled when internal relations used
- [security] XSS through exception stack
- [security] Path traversal can lead to leakage of line count
- [security] XSS vulnerability in table print view
- [security] XSS vulnerability in zoom search page
- [security] Path traversal in file inclusion of GIS factory
- [security] XSS in multi submit
- [security] XSS through pma_fontsize cookie
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 20 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.12-1
- Upgrade to 4.2.12 (#1166397)
* Sat Nov 1 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.11-1
- Upgrade to 4.2.11 (#1159524)
* Wed Oct 22 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.10.1-1
- Upgrade to 4.2.10.1 (#1155272, #1155362)
* Mon Oct 13 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.10-1
- Upgrade to 4.2.10 (#1152115)
* Sat Oct 4 2014 Remi Collet <remi(a)fedoraproject.org> 4.2.9.1-2
- provide nginx configuration (Fedora >= 21)
- fix license handling
* Thu Oct 2 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.9.1-1
- Upgrade to 4.2.9.1 (#1148664)
* Sun Sep 21 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.9-1
- Upgrade to 4.2.9
- Set default charset for Apache explicitly
* Wed Sep 17 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.8.1-2
- Move rm(1) calls from %install to %prep (#1121355 #c10)
* Tue Sep 16 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.8.1-1
- Upgrade to 4.2.8.1 (#1141635)
* Mon Sep 1 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.8-1
- Upgrade to 4.2.8
* Mon Aug 18 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.7.1-1
- Upgrade to 4.2.7.1 (#1130865, #1130866, #1131104)
* Thu Jul 31 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.7-1
- Upgrade to 4.2.7
* Sat Jul 19 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.6-1
- Upgrade to 4.2.6 (#548260, #959946, #989660, #989668, #993613
and #1000261, #1067713, #1110877, #1117600, #1117601)
- Switch from HTTP- to cookie-based authentication (for php-fpm)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.5.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Dec 12 2013 Ville Skyttä <ville.skytta(a)iki.fi> - 3.5.8.2-2
- Fix paths to changelog and license when doc dir is unversioned (#994036).
- Fix source URL, use xz compressed tarball.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1166619
[ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14)
https://bugzilla.redhat.com/show_bug.cgi?id=1166626
[ 3 ] Bug #1166634 - CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15)
https://bugzilla.redhat.com/show_bug.cgi?id=1166634
[ 4 ] Bug #1166637 - CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16)
https://bugzilla.redhat.com/show_bug.cgi?id=1166637
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------