Resolved Bugs
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207180 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive
1178827 – arj: two directory traversal flaws [epel-all]
1207182 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow [epel-all]
1196752 – arj: buffer overflow write access initiated by a size read from a crafted archive [epel-all]<br
– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)

Release notes:
* http://symfony.com/blog/symfony-2-5-9-released
* http://symfony.com/blog/symfony-2-5-10-released
* http://symfony.com/blog/symfony-2-5-11-released
Security fix in 2.5.11
* security #14167 CVE-2015-2308 (nicolas-grekas)
* security #14166 CVE-2015-2309 (neclimdul)

Resolved Bugs
1178827 – arj: two directory traversal flaws [epel-all]
1207182 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow [epel-all]
1196752 – arj: buffer overflow write access initiated by a size read from a crafted archive [epel-all]
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207180 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive<br
– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)

Resolved Bugs
1178827 – arj: two directory traversal flaws [epel-all]
1207182 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow [epel-all]
1196752 – arj: buffer overflow write access initiated by a size read from a crafted archive [epel-all]
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207180 – CVE-2015-2782 arj: free on invalid pointer due to to buffer overflow
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive<br
– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)

Update to latest release, which includes security fixes.
Update to 2.1.6, per changes described at:
http://postgis.net/2015/03/20/postgis-2.1.6
enable json-c for postigs, but disable it for upgrade part
Rebuild for Proj 4.9.1

Resolved Bugs
1207216 – perl-DBD-Firebird: buffer overflow in error messages handling in IB_SQLtimeformat()
1207218 – perl-DBD-Firebird: buffer overflow in error messages handling in IB_SQLtimeformat() [epel-all]<br
DBD::Firebird 1.19 [2015-03-22]
===============================
* Fix $VERSION in Firebird.pm
* Fix typo in ISC_PASSWORD spelling
* Positive logic and early return
* Allow re-executing/fetch on prepared sth [RT#92810, Tux]
* Add rests for $dbh->{Name} and others
* Implement $dbh->{Name}
* Fix attributions to Mike Pomraning
* use strict and warnings in all modules
* add a test for inserting/fetching float and double numbers as an attempt to reproduce RT#101650
* fix File::Which configure prerequisite declaration [RT#101672, dmn]
* 03-dbh-attr.t: plan tests after creating the TestFirebird object
* Buffer Overflow in dbdimp.c
* use snprintf instead of sprintf everywhere