Fedora alert FEDORA-2014-11348 (kdelibs)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 19 Update: kdelibs-4.11.5-5.fc19 | |
| Date: | Fri, 10 Oct 2014 15:56:37 +0000 | |
| Message-ID: | <20141010155638.8C41C2261A@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-11348 2014-09-25 09:23:16 -------------------------------------------------------------------------------- Name : kdelibs Product : Fedora 19 Version : 4.11.5 Release : 5.fc19 URL : http://www.kde.org/ Summary : KDE Libraries Description : Libraries for KDE 4. -------------------------------------------------------------------------------- Update Information: The update has a fix for CVE-2014-5033, KAuth was calling PolicyKit 1 (polkit) in an insecure way. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 23 2014 Than Ngo <than@redhat.com> - 6:4.11.5-5 - security fix CVE-2014-5033 * Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.5-4 - Provides: kdelibs4-webkit ... * Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.5-3 - POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494) * Sun Feb 16 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> - 6:4.11.5-2 - Plasma PackageKit integration: fix plasmapkg to not query Plasma for available script engines if component is not Plasma/*, but e.g. KWin/Script (#1065688) * Fri Jan 3 2014 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.5-1 - 4.11.5 * Thu Dec 12 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.4-1 - 4.11.4 * Mon Dec 9 2013 Kevin Kofler <Kevin@tigcc.ticalc.org> - 6:4.11.3-9 - drop autostart-debug patch * Mon Dec 9 2013 Kevin Kofler <Kevin@tigcc.ticalc.org> - 6:4.11.3-8 - drop klauncher-timeout patch that did not help - set QT_NO_GLIB in klauncher_main.cpp as a possible fix/workaround for #983110 * Sat Dec 7 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.3-7 - avoid possible crasher in autostart-debug.patch * Sat Dec 7 2013 Kevin Kofler <Kevin@tigcc.ticalc.org> - 6:4.11.3-6 - increase KLauncher timeout as a possible fix/workaround for #983110 * Fri Dec 6 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.3-5 - respin autostart debuging patch - %check: support regression tests (default off) * Fri Dec 6 2013 Rex Dieter <rdieter@fedoraproject.org> 6:4.11.3-4 - add some autostart debugging * Mon Dec 2 2013 Than Ngo <than@redhat.com> - 6:4.11.3-3 - add the arm's check in kdelibs * Mon Dec 2 2013 Than Ngo <than@redhat.com> - 6:4.11.3-2 - add workaround for bz#969524 * Fri Nov 1 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.3-1 - 4.11.3 * Sat Oct 19 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.2-3 - followup upstream mimetypes fix * Fri Oct 18 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.2-2 - backport a few upstream fixes * Sat Sep 28 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.2-1 - 4.11.2 * Mon Sep 23 2013 Rex Dieter <rdieter@fedoraproject.org> - 6:4.11.1-4 - kded4 leak sockets when wifi connections fail (kde#324954) - use upstreamed Samba patch - Wrong timestamp on files copied (kde#55804) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1094890 - CVE-2014-5033 polkit-qt: insecure calling of polkit https://bugzilla.redhat.com/show_bug.cgi?id=1094890 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kdelibs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...