[SECURITY] Fedora 20 Update: kqtquickcharts-4.14.1-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Sat Sep 27 09:47:49 UTC 2014


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-11448
2014-09-25 09:30:40
--------------------------------------------------------------------------------

Name        : kqtquickcharts
Product     : Fedora 20
Version     : 4.14.1
Release     : 1.fc20
URL         : https://projects.kde.org/projects/kde/kdeedu/kqtquickcharts
Summary     : A QtQuick plugin to render beautiful and interactive charts
Description :
A QtQuick plugin to render beautiful and interactive charts.

--------------------------------------------------------------------------------
Update Information:

KDE released updates for its Applications and Development Platform, the first in a series of monthly stabilization updates to the 4.14 series.  This update also includes the latest stable calligra-2.8.6 and digikam-4.3.0 releases.  See also http://kde.org/announcements/4.14/ , http://kde.org/announcements/announce-4.14.1.php ,  https://www.calligra.org/news/calligra-2-8-6-released/ , https://www.digikam.org/node/718

The update also addresses CVE-2014-5033, fixed in kdelibs ≥ 4.14.0: KAuth was calling PolicyKit 1 (polkit) in an insecure way.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1094890 - CVE-2014-5033 polkit-qt: insecure calling of polkit
        https://bugzilla.redhat.com/show_bug.cgi?id=1094890
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update kqtquickcharts' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list