The following Fedora 20 Security updates need testing: Age URL 80 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 60 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20 58 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20 31 https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20 29 https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-9.fc20,erlang-ibrowse-4.0.1-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-2.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-5.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-8334/python-bottle-0.12.6-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8394/ipython-0.13.2-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8407/java-1.8.0-openjdk-1.8.0.11-1.b12.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8412/mosquitto-1.3.2-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-9.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8485/drupal7-7.29-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8510/sdcc-3.3.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8561/cobbler-2.6.3-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8183/qemu-1.6.2-7.fc20,java-1.7.0-openjdk-1.7.0.65-2.5.1.3.fc20,qt-4.8.6-9.fc20.1,qt5-qtmultimedia-5.3.1-1.fc20.1,gnome-shell-3.10.4-7.fc20,gnome-settings-daemon-3.10.3-2.fc20,control-center-3.10.3-2.fc20,empathy-3.10.3-2.fc20,gstreamer1-plugins-good-1.2.4-2.fc20,speech-dispatcher-0.8-9.fc20,spice-gtk-0.23-3.fc20,sphinxtrain-1.0.8-13.fc20,guacamole-server-0.8.4-3.fc20,audacious-plugins-3.4.3-2.fc20,paprefs-0.9.10-7.fc20,fldigi-3.21.83-2.fc20,qmmp-0.7.7-1.fc20.1,mumble-1.2.6-1.fc20.1,libmikmod-3.3.6-3.fc20,minimodem-0.19-3.fc20,sidplayfp-1.2.0-2.fc20,xmp-4.0.7-2.fc20,gqrx-2.2.0-6.fc20,cinnamon-settings-daemon-2.2.4-2.fc20,cinnamon-control-center-2.2.10-1.fc20.1,cinnamon-2.2.14-5.fc20,phonon-4.7.2-1.fc20.1,qt-mobility-1.2.2-0.16.20140317git169da60c.fc20,fluidsynth-1.1.6-4.fc20,ffgtk-0.8.6-7.fc20,pulseaudio-5.0-7.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8458/gd-2.1.0-6.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8495/drupal6-6.32-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8581/phpMyAdmin-4.2.6-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8358/openldap-2.4.39-4.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8438/realmd-0.14.6-5.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8572/systemd-208-20.fc20 The following builds have been pushed to Fedora 20 updates-testing Panini-0.71.104-1.fc20 coan-5.2-2.fc20 homebank-4.6.1-1.fc20 mate-themes-1.8.2-0.1.git20140622.21d58f8.fc20 mate-themes-extras-1.8.2-1.fc20 php-Metadata-1.5.1-1.fc20 php-gitter-0.3.0-1.fc20 php-gliph-0.1.6-1.fc20 phpMyAdmin-4.2.6-1.fc20 sugar-words-21-1.fc20 systemd-208-20.fc20 xfce4-whiskermenu-plugin-1.4.0-1.fc20 Details about builds: ================================================================================ Panini-0.71.104-1.fc20 (FEDORA-2014-8579) A tool for creating perspective views from panoramic and wide angle images -------------------------------------------------------------------------------- Update Information: * Update to new release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 20 2014 Ankur Sinha <ankursinha AT fedoraproject DOT org> 0.71.104-1 - Updated to latest upstream release * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.71.103-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1032381 - Panini-0.71.104 is available https://bugzilla.redhat.com/show_bug.cgi?id=1032381 -------------------------------------------------------------------------------- ================================================================================ coan-5.2-2.fc20 (FEDORA-2014-8569) A command line tool for simplifying the pre-processor conditionals in source code -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream version, fixes rhbz #925162, #992071 and #902927 -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 24 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 5.2-1 - Rebuilt for new upstream version, fixes rhbz #925162, #992071 and #902927 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Jan 25 2013 Jonathan G. Underwood <jonathan.underwood@xxxxxxxxx> - 5.1.2-1 - Update to version 5.1.2 -------------------------------------------------------------------------------- ================================================================================ homebank-4.6.1-1.fc20 (FEDORA-2014-8567) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream version 4.6.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 26 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.6.1-1 - Rebuilt for new upstream version 4.6.1 * Mon Jun 23 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.6-1 - Rebuilt for new upstream version 4.6, spec cleanup * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108055 - homebank-4.6beta is available https://bugzilla.redhat.com/show_bug.cgi?id=1108055 -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.8.2-0.1.git20140622.21d58f8.fc20 (FEDORA-2014-8573) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to git snapshot from 2014-06-22 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.2-0.1.git21d58f8 - update to git snapshot from 2014-06-22 -------------------------------------------------------------------------------- ================================================================================ mate-themes-extras-1.8.2-1.fc20 (FEDORA-2014-8584) Extra gtk-2/3 themes for gtk based desktops -------------------------------------------------------------------------------- Update Information: - update to 1.8.2 release -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.2-1 - update to 1.8.2 release -------------------------------------------------------------------------------- ================================================================================ php-Metadata-1.5.1-1.fc20 (FEDORA-2014-8574) A library for class/method/property metadata management in PHP -------------------------------------------------------------------------------- Update Information: ### Updated to [1.5.1](https://github.com/schmittjoh/metadata/releases/tag/1.5.1) * Fixes a performance regression * RPM: Added `php-composer(jms/metadata)` virtual provide * RPM: Added option to build without tests (`--without tests`) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.5.1-1 - Updated to 1.5.1 (BZ #1119425) - Added "php-composer(jms/metadata)" virtual provide - Added option to build without tests ("--without tests") * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.5.0-2 - Updated dependencies to match newly available pkgs -- php-pear(pear.doctrine-project.org/DoctrineCommon) => php-doctrine-cache (cache separated out from common) -- php-pear(pear.symfony.com/DependencyInjection) => php-symfony-dependencyinjection - Doctrine cache required instead of just build requirement -------------------------------------------------------------------------------- References: [ 1 ] Bug #1119425 - php-Metadata-1.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1119425 -------------------------------------------------------------------------------- ================================================================================ php-gitter-0.3.0-1.fc20 (FEDORA-2014-8566) Object oriented interaction with Git repositories -------------------------------------------------------------------------------- Update Information: ### Updated to [0.3.0](https://github.com/klaussilveira/gitter/releases/tag/0.3.0) * See [git diff](https://github.com/klaussilveira/gitter/compare/786e86a54121d1bb3c768e6bc93e37e431aa6264...0.3.0) for changes since last RPM release * RPM: Added `php-composer(klaussilveira/gitter)` virtual provide * RPM: Added option to build without tests (`--without tests`) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.3.0-1 - Updated to 0.3.0 (BZ #1101229) - Added "php-composer(klaussilveira/gitter)" virtual provide - Added option to build without tests ("--without tests") * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-3.20131206git786e86a - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101229 - php-gitter-0.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1101229 -------------------------------------------------------------------------------- ================================================================================ php-gliph-0.1.6-1.fc20 (FEDORA-2014-8575) A graph library for PHP -------------------------------------------------------------------------------- Update Information: ### Updated to [0.1.6](https://github.com/sdboyer/gliph/releases/tag/0.1.6) * Shorten edge-adders, and reduce duplicate membership checks -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.1.6-1 - Updated to 0.1.6 (BZ #1119424) - Added "php-composer(sdboyer/gliph)" virtual provide * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1119424 - php-gliph-0.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1119424 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.2.6-1.fc20 (FEDORA-2014-8581) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.2.6.0 (2014-07-17) =============================== - Undefined index warning with referenced column. - $cfg['MaxExactCount'] is ignored when BROWSING is back - Multi Column sorting (improved user experience) - Server validation does not work while in setup/mysqli - Undefined variable when grid editing a foreign key column - mult_submits.inc.php Undefined variable Error - Sorting breaks the copy column feature - Javascript error when renaming table - 'New window' link (selflink) disappears, causing Javascript error - Incorrect detection of privileges for routine creation - First few characters of database name aren't clickable when expanded - [security] XSS injection due to unescaped table comment - [security] XSS injection due to unescaped table name (triggers) - [security] XSS in AJAX confirmation messages - [security] Missing validation for accessing User groups feature phpMyAdmin 4.2.5.0 (2014-06-26) =============================== - shell_exec() has been disabled for security reasons - Error while submitting empty query - Fatal error: Class 'PMA_DatabaseInterface' not found - Fixed cookie based login for installations without mcrypt - incorrect result count when having clause is used - mcrypt: remove the requirement (64-bit) and the related warning phpMyAdmin 4.2.4.0 (2014-06-20) =============================== - Mediawiki export does not produce table header row; also fix related PHP warnings - New lines are added to query every time - Fatal error on SQL Export of join query - Dump binary columns in hexadecimal notation not working - Regenerate cookie encryption IV for every session - Cannot import (open_basedir): fix another case - SQL tab - Insert queries not showing affected row count - Missing warning about existing account, on multi-server config - WHERE clause can be undefined - SQL export views as tables option getting ignored - [security] XSS injection due to unescaped db/table name in navigation hiding - [security] XSS injection due to unescaped db/table name in recent/favorite tables phpMyAdmin 4.2.3.0 (2014-06-08) =============================== - Moving fields not working - Table indexes disappear after altering field - Error while displaying chart at server level - Cannot import (open_basedir) - Problem copying constraints (such as Sakila) - Missing privileges submenu - Drop db confirmation message when dropping a user - Insert form numeric field with function drop-down list - Problems due to missing enforcement of the minimum supported MySQL version - Add enforcement of the minimum supported PHP version (5.3.0) - Query error on submitting a column change form containing a disabled input field - Incorrect menu tab generation from usergroups - Missing space in index creation/edit generated query - Unchecking 'Show SQL queries' results NaN phpMyAdmin 4.2.2.0 (2014-05-20) =============================== - Disable database expansion when enabled throws Error 500 when database name is clicked in navigation tree - table display of performance_schema DB structure - Protect Binary Columns: many problems - BLOB link transformation is broken - Respect ['ShowCreateDb'] in the navi panel - Cannot see databases in nav panel on databases grouping when disabled database expansion - No more calendar into search tab - Monitor should fit into screen width - When copying databases, primary key attributes get lost - empty maxInputVars on js/messages.php phpMyAdmin 4.2.1.0 (2014-05-13) =============================== - Cannot display table structure with enums containing special characters - Cannot remove the last remembered sorted column - Correctly fetch length of user and host fields in MySQL tables - examples/signon.php does not support the SessionSavePath directive - Missing source for OpenLayers library - Incorrect attributes for number fields - Cannot update values in Zoom search - GIS Visualization Extension does not work with PointFromText() function - Incorrect "Rows" total shown when truncating or dropping a table on DB Structure page - Grid edit on sorted columns fails - Null checkbox covering data input when editing - Data type changing by itself (no size but attribute present) phpMyAdmin 4.2.0.0 (2014-05-08) =============================== - Export only triggers - Export Server/Database/Table without triggers - Add table comment tool tip in database structure page - Single table for display Character Sets and Collations - Display icons/text/both for the table row actions - Transformation to convert Boolean value to text - Changing users password will delete it - Text transformation combines Append and Prepend - Added warning about the mysql extension being deprecated and removed the extension directive - Added support for scatter charts - Make Column Headings Sticky - Enhance privileges initials table - [interface] Break "Edit privileges" with sub-menus - Minor refactoring required - Create indexes at the end in SQL export - Relations edit form for larger monitors - Inline query box vertical resize - [interface] Add bottom border to top menu container - Add datepicker for 'TIME' type - HTTP Referer disclosure in SQL links - Show full names on navigation hover - Behaviour on click on a routine in nav panel - Support more than one separating character on CSV import - Load/Save Query By Example - Grid edit ENUM field, dialog disappears when trying to select - DB export using zip compression generates an empty archive - confirmation message at the top - breadcrubs wrong on table create - better validate database name for copying - Database tab "Drop" button should be a link - Highlight required form fields after failed submission - Redirect to login page after session has expired - Grid edit: can't change month on date fields - add maxlength by field with length-spec - Import happily doesn't do anything with no file name provided - Add function to all the insert boxes automatically - Option to skip tables larger than n - Possibility of disabling database expansion - Favourite tables select box - $cfg['CharEditing']='textarea' for structure edit - Avoid editing of fields which are part of relation - [interface] Highlight active left menu item in setup - Filter on-screen rows during Browse - Removed support for SQL Validator (SOAP service no longer offered) - Settings > Manage: incorrect messages - "More" in Actions area doesn't collapse to fit available space - Group two DB, one's name is the prefix of the other one - Confusing database/table grouping - Creating Index doesn't update index-list -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.6-1 - Upgrade to 4.2.6 (#548260, #959946, #989660, #989668, #993613 and #1000261, #1067713, #1110877, #1117600, #1117601) - Switch from HTTP- to cookie-based authentication (for php-fpm) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Dec 12 2013 Ville Skyttä <ville.skytta@xxxxxx> - 3.5.8.2-2 - Fix paths to changelog and license when doc dir is unversioned (#994036). - Fix source URL, use xz compressed tarball. -------------------------------------------------------------------------------- References: [ 1 ] Bug #989660 - CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12) https://bugzilla.redhat.com/show_bug.cgi?id=989660 [ 2 ] Bug #989668 - CVE-2013-5003 phpMyAdmin: SQL injection leading to 'control user' role privilege escalation (PMASA-2013-15) https://bugzilla.redhat.com/show_bug.cgi?id=989668 [ 3 ] Bug #993613 - CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10) https://bugzilla.redhat.com/show_bug.cgi?id=993613 [ 4 ] Bug #1067713 - CVE-2014-1879 phpMyAdmin: XSS in import.php https://bugzilla.redhat.com/show_bug.cgi?id=1067713 [ 5 ] Bug #1117600 - CVE-2014-4348 phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation https://bugzilla.redhat.com/show_bug.cgi?id=1117600 [ 6 ] Bug #1117601 - CVE-2014-4349 phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature https://bugzilla.redhat.com/show_bug.cgi?id=1117601 -------------------------------------------------------------------------------- ================================================================================ sugar-words-21-1.fc20 (FEDORA-2014-8576) A multi lingual dictionary with speech synthesis -------------------------------------------------------------------------------- Update Information: version 21 release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 20 2014 Kalpa Welivitigoda <callkalpa@xxxxxxxxx> - 21-1 - version 21 release * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 19-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ systemd-208-20.fc20 (FEDORA-2014-8572) A System and Service Manager -------------------------------------------------------------------------------- Update Information: Make it easier to apply sysctl settings, virtual console font fixes, man page updates, hardware database update, improved XZ compression settings, "watch" chassis type, "ID_SOFTWARE_RADIO" udev tag, SocketUser/SocketGroup .socket settings. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 208-20 - Make it easier to apply sysctl settings delaying systemd-sysctl.service after modules have been loaded - Terminal font loading fixes - Man page updates (#1022977) - Hardware database update - Journal XZ compression settings updated for speed - Add "watch" as new chassis type - Add udev tag "ID_SOFTWARE_RADIO" to allow access for users - SocketUser and SocketGroup settings backported from v214 (#1119282) - Other small tweaks (#996133) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1022977 - DOC: document that sysctl variables for loadable modules must be set using udev rules https://bugzilla.redhat.com/show_bug.cgi?id=1022977 [ 2 ] Bug #1119282 - [Regression] Unable to run docker client as non-root user https://bugzilla.redhat.com/show_bug.cgi?id=1119282 [ 3 ] Bug #996133 - misleading and useless error message https://bugzilla.redhat.com/show_bug.cgi?id=996133 -------------------------------------------------------------------------------- ================================================================================ xfce4-whiskermenu-plugin-1.4.0-1.fc20 (FEDORA-2014-8578) An alternate application launcher for Xfce -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream release 1.4.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 1.4.0-1 - Rebuilt for new upstream release 1.4.0 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
