Resolved Bugs
1203205 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
1190119 – CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009) [fedora-all]
1203203 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]<br
Update to latest versions of the respective branches. f20 has been updated from 2.5.x to 2.6.x because 2.5.x is EOL.

Resolved Bugs
1204890 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [fedora-all]
1204889 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution
1204891 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [epel-all]<br
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)

Resolved Bugs
1204795 – qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode
1204796 – qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode [fedora-all]<br
QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.

Resolved Bugs
1112497 – Please update to librest 0.7.91 in f20
1204682 – rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url [fedora-all]<br
CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url

Resolved Bugs
1204676 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives
1204678 – CVE-2015-2331 mingw-libzip: php: libzip: integer overflow when processing ZIP archives [fedora-all]<br
Security fix for CVE-2015-2331.

Resolved Bugs
1205122 – drupal webform: multiple XSS flaws
1199067 – drupal7-webform-4.5 is available
1150458 – drupal7-webform-4.2 is available
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1193356 – drupal7-webform-4.3 is available<br
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063
– Update to 4.3
– Release notes can be found at https://www.drupal.org/node/2427257
– Update to 4.2
– Release notes can be found at https://www.drupal.org/node/2381793

Resolved Bugs
1204889 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution
1204890 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [fedora-all]
1204891 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [epel-all]<br
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)

Resolved Bugs
1201774 – CVE-2015-0778 osc: osc _service file shell injection flaw [fedora-all]
1201773 – CVE-2015-0778 osc: osc _service file shell injection flaw<br
Security fix for CVE-2015-0778

Resolved Bugs
1204795 – qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode<br
QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode.

Resolved Bugs
1204676 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives
1204677 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives [fedora-all]<br
CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)