The following Fedora 19 Security updates need testing: Age URL 268 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 80 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19 60 https://admin.fedoraproject.org/updates/FEDORA-2014-6553/chicken-4.8.0.6-2.fc19 58 https://admin.fedoraproject.org/updates/FEDORA-2014-6597/drupal7-views-3.8-1.fc19 37 https://admin.fedoraproject.org/updates/FEDORA-2014-7322/thunderbird-24.6.0-1.fc19 31 https://admin.fedoraproject.org/updates/FEDORA-2014-7496/readline-6.2-8.fc19 30 https://admin.fedoraproject.org/updates/FEDORA-2014-7570/asterisk-11.10.2-2.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2014-6774/claws-mail-3.10.1-1.fc19,claws-mail-plugins-3.10.0-1.fc19,libetpan-1.5-1.fc19 29 https://admin.fedoraproject.org/updates/FEDORA-2014-7610/perl-Email-Address-1.905-1.fc19 25 https://admin.fedoraproject.org/updates/FEDORA-2014-7716/python-simplejson-3.5.3-1.fc19 20 https://admin.fedoraproject.org/updates/FEDORA-2014-7939/lzo-2.08-1.fc19 15 https://admin.fedoraproject.org/updates/FEDORA-2014-8089/rubygem-activerecord-3.2.13-2.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-8223/libXfont-1.4.8-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-7645/couchdb-1.6.0-9.fc19,erlang-ibrowse-4.0.1-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2014-7889/zarafa-7.1.10-2.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-8328/python-bottle-0.12.6-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-8332/transmission-2.84-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8352/cups-1.6.4-6.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8443/mosquitto-1.3.2-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8402/ipython-0.13.2-4.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8395/java-1.7.0-openjdk-1.7.0.65-2.5.1.2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-8441/java-1.8.0-openjdk-1.8.0.11-1.b12.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8487/kernel-3.14.13-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8545/cobbler-2.6.3-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8515/drupal7-7.29-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8528/sdcc-3.3.0-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8564/dpkg-1.16.15-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8488/drupal6-6.32-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-23.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8577/phpMyAdmin-4.2.6-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-8571/homebank-4.6.1-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 216 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 142 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-8202/fontconfig-2.10.93-2.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-8223/libXfont-1.4.8-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-8256/langtable-0.0.25-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8360/pcre-8.32-10.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8352/cups-1.6.4-6.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-8338/curl-7.29.0-21.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8487/kernel-3.14.13-100.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-8176/krb5-1.11.3-23.fc19 The following builds have been pushed to Fedora 19 updates-testing Panini-0.71.104-1.fc19 homebank-4.6.1-1.fc19 php-Metadata-1.5.1-1.fc19 php-gitter-0.3.0-1.fc19 php-gliph-0.1.6-1.fc19 phpMyAdmin-4.2.6-1.fc19 sugar-words-21-1.fc19 xfce4-whiskermenu-plugin-1.4.0-1.fc19 Details about builds: ================================================================================ Panini-0.71.104-1.fc19 (FEDORA-2014-8568) A tool for creating perspective views from panoramic and wide angle images -------------------------------------------------------------------------------- Update Information: * Update to new release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 20 2014 Ankur Sinha <ankursinha AT fedoraproject DOT org> 0.71.104-1 - Updated to latest upstream release * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.71.103-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.71.103-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1032381 - Panini-0.71.104 is available https://bugzilla.redhat.com/show_bug.cgi?id=1032381 -------------------------------------------------------------------------------- ================================================================================ homebank-4.6.1-1.fc19 (FEDORA-2014-8571) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream version 4.6.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 26 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.6.1-1 - Rebuilt for new upstream version 4.6.1 * Mon Jun 23 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.6-1 - Rebuilt for new upstream version 4.6, spec cleanup * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108055 - homebank-4.6beta is available https://bugzilla.redhat.com/show_bug.cgi?id=1108055 -------------------------------------------------------------------------------- ================================================================================ php-Metadata-1.5.1-1.fc19 (FEDORA-2014-8585) A library for class/method/property metadata management in PHP -------------------------------------------------------------------------------- Update Information: ### Updated to [1.5.1](https://github.com/schmittjoh/metadata/releases/tag/1.5.1) * Fixes a performance regression * RPM: Added `php-composer(jms/metadata)` virtual provide * RPM: Added option to build without tests (`--without tests`) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.5.1-1 - Updated to 1.5.1 (BZ #1119425) - Added "php-composer(jms/metadata)" virtual provide - Added option to build without tests ("--without tests") * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.5.0-2 - Updated dependencies to match newly available pkgs -- php-pear(pear.doctrine-project.org/DoctrineCommon) => php-doctrine-cache (cache separated out from common) -- php-pear(pear.symfony.com/DependencyInjection) => php-symfony-dependencyinjection - Doctrine cache required instead of just build requirement -------------------------------------------------------------------------------- References: [ 1 ] Bug #1119425 - php-Metadata-1.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1119425 -------------------------------------------------------------------------------- ================================================================================ php-gitter-0.3.0-1.fc19 (FEDORA-2014-8580) Object oriented interaction with Git repositories -------------------------------------------------------------------------------- Update Information: ### Updated to [0.3.0](https://github.com/klaussilveira/gitter/releases/tag/0.3.0) * See [git diff](https://github.com/klaussilveira/gitter/compare/786e86a54121d1bb3c768e6bc93e37e431aa6264...0.3.0) for changes since last RPM release * RPM: Added `php-composer(klaussilveira/gitter)` virtual provide * RPM: Added option to build without tests (`--without tests`) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.3.0-1 - Updated to 0.3.0 (BZ #1101229) - Added "php-composer(klaussilveira/gitter)" virtual provide - Added option to build without tests ("--without tests") * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.0-3.20131206git786e86a - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1101229 - php-gitter-0.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1101229 -------------------------------------------------------------------------------- ================================================================================ php-gliph-0.1.6-1.fc19 (FEDORA-2014-8583) A graph library for PHP -------------------------------------------------------------------------------- Update Information: ### Updated to [0.1.6](https://github.com/sdboyer/gliph/releases/tag/0.1.6) * Shorten edge-adders, and reduce duplicate membership checks -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.1.6-1 - Updated to 0.1.6 (BZ #1119424) - Added "php-composer(sdboyer/gliph)" virtual provide * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1119424 - php-gliph-0.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1119424 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.2.6-1.fc19 (FEDORA-2014-8577) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.2.6.0 (2014-07-17) =============================== - Undefined index warning with referenced column. - $cfg['MaxExactCount'] is ignored when BROWSING is back - Multi Column sorting (improved user experience) - Server validation does not work while in setup/mysqli - Undefined variable when grid editing a foreign key column - mult_submits.inc.php Undefined variable Error - Sorting breaks the copy column feature - Javascript error when renaming table - 'New window' link (selflink) disappears, causing Javascript error - Incorrect detection of privileges for routine creation - First few characters of database name aren't clickable when expanded - [security] XSS injection due to unescaped table comment - [security] XSS injection due to unescaped table name (triggers) - [security] XSS in AJAX confirmation messages - [security] Missing validation for accessing User groups feature phpMyAdmin 4.2.5.0 (2014-06-26) =============================== - shell_exec() has been disabled for security reasons - Error while submitting empty query - Fatal error: Class 'PMA_DatabaseInterface' not found - Fixed cookie based login for installations without mcrypt - incorrect result count when having clause is used - mcrypt: remove the requirement (64-bit) and the related warning phpMyAdmin 4.2.4.0 (2014-06-20) =============================== - Mediawiki export does not produce table header row; also fix related PHP warnings - New lines are added to query every time - Fatal error on SQL Export of join query - Dump binary columns in hexadecimal notation not working - Regenerate cookie encryption IV for every session - Cannot import (open_basedir): fix another case - SQL tab - Insert queries not showing affected row count - Missing warning about existing account, on multi-server config - WHERE clause can be undefined - SQL export views as tables option getting ignored - [security] XSS injection due to unescaped db/table name in navigation hiding - [security] XSS injection due to unescaped db/table name in recent/favorite tables phpMyAdmin 4.2.3.0 (2014-06-08) =============================== - Moving fields not working - Table indexes disappear after altering field - Error while displaying chart at server level - Cannot import (open_basedir) - Problem copying constraints (such as Sakila) - Missing privileges submenu - Drop db confirmation message when dropping a user - Insert form numeric field with function drop-down list - Problems due to missing enforcement of the minimum supported MySQL version - Add enforcement of the minimum supported PHP version (5.3.0) - Query error on submitting a column change form containing a disabled input field - Incorrect menu tab generation from usergroups - Missing space in index creation/edit generated query - Unchecking 'Show SQL queries' results NaN phpMyAdmin 4.2.2.0 (2014-05-20) =============================== - Disable database expansion when enabled throws Error 500 when database name is clicked in navigation tree - table display of performance_schema DB structure - Protect Binary Columns: many problems - BLOB link transformation is broken - Respect ['ShowCreateDb'] in the navi panel - Cannot see databases in nav panel on databases grouping when disabled database expansion - No more calendar into search tab - Monitor should fit into screen width - When copying databases, primary key attributes get lost - empty maxInputVars on js/messages.php phpMyAdmin 4.2.1.0 (2014-05-13) =============================== - Cannot display table structure with enums containing special characters - Cannot remove the last remembered sorted column - Correctly fetch length of user and host fields in MySQL tables - examples/signon.php does not support the SessionSavePath directive - Missing source for OpenLayers library - Incorrect attributes for number fields - Cannot update values in Zoom search - GIS Visualization Extension does not work with PointFromText() function - Incorrect "Rows" total shown when truncating or dropping a table on DB Structure page - Grid edit on sorted columns fails - Null checkbox covering data input when editing - Data type changing by itself (no size but attribute present) phpMyAdmin 4.2.0.0 (2014-05-08) =============================== - Export only triggers - Export Server/Database/Table without triggers - Add table comment tool tip in database structure page - Single table for display Character Sets and Collations - Display icons/text/both for the table row actions - Transformation to convert Boolean value to text - Changing users password will delete it - Text transformation combines Append and Prepend - Added warning about the mysql extension being deprecated and removed the extension directive - Added support for scatter charts - Make Column Headings Sticky - Enhance privileges initials table - [interface] Break "Edit privileges" with sub-menus - Minor refactoring required - Create indexes at the end in SQL export - Relations edit form for larger monitors - Inline query box vertical resize - [interface] Add bottom border to top menu container - Add datepicker for 'TIME' type - HTTP Referer disclosure in SQL links - Show full names on navigation hover - Behaviour on click on a routine in nav panel - Support more than one separating character on CSV import - Load/Save Query By Example - Grid edit ENUM field, dialog disappears when trying to select - DB export using zip compression generates an empty archive - confirmation message at the top - breadcrubs wrong on table create - better validate database name for copying - Database tab "Drop" button should be a link - Highlight required form fields after failed submission - Redirect to login page after session has expired - Grid edit: can't change month on date fields - add maxlength by field with length-spec - Import happily doesn't do anything with no file name provided - Add function to all the insert boxes automatically - Option to skip tables larger than n - Possibility of disabling database expansion - Favourite tables select box - $cfg['CharEditing']='textarea' for structure edit - Avoid editing of fields which are part of relation - [interface] Highlight active left menu item in setup - Filter on-screen rows during Browse - Removed support for SQL Validator (SOAP service no longer offered) - Settings > Manage: incorrect messages - "More" in Actions area doesn't collapse to fit available space - Group two DB, one's name is the prefix of the other one - Confusing database/table grouping - Creating Index doesn't update index-list -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.6-1 - Upgrade to 4.2.6 (#548260, #959946, #989660, #989668, #993613 and #1000261, #1067713, #1110877, #1117600, #1117601) - Switch from HTTP- to cookie-based authentication (for php-fpm) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Dec 12 2013 Ville Skyttä <ville.skytta@xxxxxx> - 3.5.8.2-2 - Fix paths to changelog and license when doc dir is unversioned (#994036). - Fix source URL, use xz compressed tarball. -------------------------------------------------------------------------------- References: [ 1 ] Bug #989660 - CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12) https://bugzilla.redhat.com/show_bug.cgi?id=989660 [ 2 ] Bug #989668 - CVE-2013-5003 phpMyAdmin: SQL injection leading to 'control user' role privilege escalation (PMASA-2013-15) https://bugzilla.redhat.com/show_bug.cgi?id=989668 [ 3 ] Bug #993613 - CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10) https://bugzilla.redhat.com/show_bug.cgi?id=993613 [ 4 ] Bug #1067713 - CVE-2014-1879 phpMyAdmin: XSS in import.php https://bugzilla.redhat.com/show_bug.cgi?id=1067713 [ 5 ] Bug #1117600 - CVE-2014-4348 phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation https://bugzilla.redhat.com/show_bug.cgi?id=1117600 [ 6 ] Bug #1117601 - CVE-2014-4349 phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature https://bugzilla.redhat.com/show_bug.cgi?id=1117601 -------------------------------------------------------------------------------- ================================================================================ sugar-words-21-1.fc19 (FEDORA-2014-8570) A multi lingual dictionary with speech synthesis -------------------------------------------------------------------------------- Update Information: version 21 release -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 20 2014 Kalpa Welivitigoda <callkalpa@xxxxxxxxx> - 21-1 - version 21 release * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 19-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xfce4-whiskermenu-plugin-1.4.0-1.fc19 (FEDORA-2014-8582) An alternate application launcher for Xfce -------------------------------------------------------------------------------- Update Information: Rebuilt for new upstream release 1.4.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 19 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 1.4.0-1 - Rebuilt for new upstream release 1.4.0 * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
