This version of Mojolicious fixes an assumption in CGI’s parameter handling that can result in parameter injection attacks.

This version of Mojolicious fixes an assumption in CGI’s parameter handling that can result in parameter injection attacks.

Resolved Bugs
1059947 – CVE-2014-1833 devscripts: directory traversal flaw in uupdate
1059948 – devscripts: directory traversal flaw in uupdate [fedora-20]<br
Update to version 2.14.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.

Resolved Bugs
1147917 – CVE-2014-7300 gnome-shell: lockscreen bypass with printscreen key
1149039 – gnome-shell: lockscreen bypass with printscreen key [fedora-all]<br
Security fix for lock screen circumvention by consecutive screenshot requests triggering OOM situation

Resolved Bugs
1101346 – CVE-2014-3248 puppet: Ruby modules could be loaded from the current working directory
1114902 – CVE-2014-3248 facter: puppet: Ruby modules could be loaded from the current working directory [fedora-20]<br
Update to 1.7.6 for bz#1107891 and CVE-2014-3248
See http://puppetlabs.com/security/cve/cve-2014-3248 for more
information upstream.

Resolved Bugs
1101346 – CVE-2014-3248 puppet: Ruby modules could be loaded from the current working directory
1107891 – CVE-2014-3248 facter: puppet: Ruby modules could be loaded from the current working directory [fedora-19]<br
Patch facter 1.6 series for Bug 1107891 – CVE-2014-3248
See http://puppetlabs.com/security/cve/cve-2014-3248 for more
information from upstream.