VIDEO: Gary Kovacs’ Keynote Address at MWC 2015

In the keynote, Kovacs outlined AVG’s mission to create a safer Internet for everyone.

In our modern connected world, the lives of consumers are more exposed now than ever before in history. A wide range of our actions online are monitored, tracked and scrutinized, not always towards benevolent ends.

AVG recently conducted a round of research with MEF which shows that more and more people are demanding trust, and it is becoming a real factor in decision making around technology.

To end, Kovacs issued a call to arms to challenge the existing model and create what he calls a Trust Revolution.

MDVSA-2015:191: owncloud

Multiple vulnerabilities have been discovered and corrected in owncloud:

* Multiple stored XSS in contacts application (oC-SA-2015-001)

* Multiple stored XSS in documents application (oC-SA-2015-002)

* Bypass of file blacklist (oC-SA-2015-004)

The updated packages have been upgraded to the 7.0.5 version where
these security flaws have been fixed.

MDVSA-2015:190: owncloud

Multiple vulnerabilities have been discovered and corrected in owncloud:

* Login bypass when using user_ldap due to unauthenticated binds
(oC-SA-2014-020)

* Login bypass when using the external FTP user backend
(oC-SA-2014-022)

* CSRF in bookmarks application (oC-SA-2014-027)

* Stored XSS in bookmarks application (oC-SA-2014-028)

* Multiple stored XSS in contacts application (oC-SA-2015-001)

* Multiple stored XSS in documents application (oC-SA-2015-002)

* Bypass of file blacklist (oC-SA-2015-004)

The updated packages have been upgraded to the 5.0.19 version where
these security flaws have been fixed.

MDVA-2015:004: openldap

The slapd service is stopped during the package upgrade to perform
an upgrade on the OpenLDAP DB. The service wasn’t restarted after the
upgrade if the service was running before. This update fixes this
issue.

MDVSA-2015:189: tor

Updated tor packages fix security vulnerabilities:

The tor package has been updated to version 0.2.4.26, which fixes
possible crashes that may be remotely triggerable, which would
result in a denial of service, and also fixes a few other bugs.
See the release announcement for details.

MDVSA-2015:188: flac

Multiple vulnerabilities have been discovered and corrected in flac:

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac
file (CVE-2014-9028).

Stack-based buffer overflow in stream_decoder.c in libFLAC before
1.3.1 allows remote attackers to execute arbitrary code via a crafted
.flac file (CVE-2014-8962).

The updated packages provide a solution for these security issues.