Fedora EPEL 7 Security Update: python-dulwich-0.10.0-1.el7

Resolved Bugs
1204889 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution
1204890 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution [fedora-all]
1204891 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution [epel-all]
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)

Fedora EPEL 6 Security Update: python-dulwich-0.10.0-1.el6

Resolved Bugs
1204889 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution
1204890 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution [fedora-all]
1204891 – CVE-2014-9706 python-dulwich: arbitrary files allowed to be committed, leading to code execution [epel-all]
Fix for CVE-2014-9706 (rhbz#1204889, rhbz#1204890, and rhbz#1204891)

Fedora EPEL 6 Security Update: owncloud-7.0.5-2.el6

Resolved Bugs
1204823 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5 [epel-all]
1204821 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5
This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud.
It is a minor version update and should apply without any issues or special handling, but as usual, we recommend backing up your data, configuration, and database before updating.
We have also backported a post-7.0.5 fix for a ‘critical’ issue: https://github.com/owncloud/core/issues/14843 .

Fedora EPEL 7 Security Update: python-django-1.6.11-1.el7

Resolved Bugs
1203618 – CVE-2015-2317 python-django: Django: possible XSS attack via user-supplied redirect URLs [epel-7]
1202809 – CVE-2015-2316 Django: possible denial of service in strip_tags()
1203615 – CVE-2015-2316 python-django: Django: possible denial of service in strip_tags() [epel-7]
1202818 – CVE-2015-2317 Django: possible XSS attack via user-supplied redirect URLs
Update to 1.6.11

Fedora EPEL 6 Security Update: moodle-2.6.10-1.el6

Resolved Bugs
1203203 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]
1203205 – CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
1190119 – CVE-2015-1493 moodle: Directory Traversal Attack possible through some files serving JS (MSA-15-0009) [fedora-all]
Update to latest versions of the respective branches. f20 has been updated from 2.5.x to 2.6.x because 2.5.x is EOL.

Fedora EPEL 7 Security Update: owncloud-7.0.5-2.el7

Resolved Bugs
1204823 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5 [epel-all]
1204821 – owncloud: new security issues fixed upstream in 6.0.7 and 7.0.5
This update provides the new release 7.0.5, which resolves currently undisclosed security vulnerabilities in ownCloud.
It is a minor version update and should apply without any issues or special handling, but as usual, we recommend backing up your data, configuration, and database before updating.
We have also backported a post-7.0.5 fix for a ‘critical’ issue: https://github.com/owncloud/core/issues/14843 .