kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).
Monthly Archives: December 2014
Fedora 21 Security Update: smack-3.2.2-8.fc21
Fedora 21 Security Update: pyxdg-0.25-5.fc21
Fedora 21 Security Update: jasper-1.900.1-28.fc21
Resolved Bugs
1167537 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1170650 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]<br
Fixes CVE-2014-9029 vulnerability.
Fedora EPEL 7 Security Update: phpMyAdmin-4.2.13.1-1.el7
Resolved Bugs
1170597 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords
1170601 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [epel-7]
1170604 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism
1170606 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [epel-7]<br
phpMyAdmin 4.2.13.1 (2014-12-03)
================================
– [security] XSS vulnerability in redirection mechanism
– [security] DOS attack with long passwords
Fedora EPEL 7 Security Update: llvm-3.4.2-3.el7
Resolved Bugs
1088105 – CVE-2014-2893 llvm: insecure temporary file handling in clang’s scan-build utility<br
Fix for CVE-2014-2893.
Fedora EPEL 6 Security Update: phpMyAdmin-4.0.10.7-1.el6
Fedora EPEL 5 Security Update: icecast-2.4.1-1.el5
Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg
Fedora EPEL 6 Security Update: icecast-2.4.1-1.el6
Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg
Fedora EPEL 6 Security Update: php-horde-kronolith-4.2.4-1.el6
kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).