Resolved Bugs
1112497 – Please update to librest 0.7.91 in f20
1204682 – rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url [fedora-all]<br
CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url

Resolved Bugs
1204677 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives [fedora-all]
1204676 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives<br
CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)

Resolved Bugs
1204676 – CVE-2015-2331 php: libzip: integer overflow when processing ZIP archives
1204678 – CVE-2015-2331 mingw-libzip: php: libzip: integer overflow when processing ZIP archives [fedora-all]<br
Security fix for CVE-2015-2331.

Resolved Bugs
1204798 – mingw-qt5-qtwebkit: qt5-qtwebkit: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode [fedora-all]<br
Update to Qt 5.4.1

Resolved Bugs
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1205122 – drupal webform: multiple XSS flaws
1199067 – drupal7-webform-4.5 is available<br
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063

Resolved Bugs
1203205 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
1190119 – CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009) [fedora-all]
1203203 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]<br
Update to latest versions of the respective branches. f20 has been updated from 2.5.x to 2.6.x because 2.5.x is EOL.

Resolved Bugs
1205130 – quassel: incorrect message splitting leading to DoS
1205131 – quassel: incorrect message splitting leading to DoS [fedora-all]<br
Security fix BZ1205130 – patch for CTCP Denial of Service

Resolved Bugs
1204889 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution
1204890 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [fedora-all]
1204891 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be commited, leading to code execution [epel-all]<br
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)

Resolved Bugs
1203614 – CVE-2015-2316 python-django: Django: possible denial of service in strip_tags() [fedora-all]
1203616 – CVE-2015-2317 python-django: Django: possible XSS attack via user-supplied redirect URLs [fedora-all]<br
modernize spec for python3

Resolved Bugs
1205125 – drupal7-webform: drupal webform: multiple XSS flaws [fedora-all]
1193356 – drupal7-webform-4.3 is available
1205122 – drupal webform: multiple XSS flaws
1199067 – drupal7-webform-4.5 is available
1150458 – drupal7-webform-4.2 is available<br
– Security fix for drupal7-webform module
– Upstream release notes: https://www.drupal.org/node/2457219
– Release notes can be found at https://www.drupal.org/node/2454063
– Update to 4.3
– Release notes can be found at https://www.drupal.org/node/2427257
– Update to 4.2
– Release notes can be found at https://www.drupal.org/node/2381793