Resolved Bugs
1169369 – CVE-2014-9130 libyaml: assert failure when processing wrapped strings
1169750 – CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [fedora-all]
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Monthly Archives: December 2014
Fedora 20 Security Update: mingw-flac-1.3.1-1.fc20
Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 19 Security Update: flac-1.3.1-1.fc19
Resolved Bugs
1169698 – CVE-2014-9028 CVE-2014-8962 flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 20 Security Update: pkcs11-helper-1.11-3.fc20,openvpn-2.3.6-1.fc20
Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Fedora 20 Security Update: antiword-0.37-17.fc20
Fedora 19 Security Update: firefox-34.0-1.fc19,thunderbird-31.3.0-1.fc19
New Firefox release – 34.0.
Fedora 20 Security Update: dbus-1.6.28-1.fc20
Resolved Bugs
1115636 – CVE-2014-3533 CVE-2014-3532 dbus: various flaws [fedora-all]
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling
1114414 – CVE-2014-3532 dbus: denial of service in file descriptor passing feature
1114416 – CVE-2014-3533 dbus: denial of service when forwarding invalid file descriptors
Update to 1.6.28
Fedora 20 Security Update: cpio-2.11-28.fc20
Fedora 19 Security Update: mingw-flac-1.3.1-1.fc19
Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
Security fix for CVE-2014-9028, CVE-2014-8962
Fedora 19 Security Update: pcre-8.32-12.fc19
Resolved Bugs
1165626 – Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
1166147 – CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition)