[SECURITY] [DSA 3250-1] wordpress security update
Monthly Archives: May 2015
Mozilla To Whack HTTP Sites With Feature-Ban Stick
WordPress Ultimate Product Catalogue 3.1.2 XSS / CSRF / File Upload
WordPress Ultimate Product Catalogue plugin version 3.1.2 suffers from cross site request forgery, cross site scripting, and file upload vulnerabilities.
Apache Xerces-C XML Parser Denial Of Service
Denial of service proof of concept exploit for Apache Xerces-C XML Parser versions prior to 3.1.2.
DSA-3251 dnsmasq – security update
Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and
DHCP/TFTP server, did not properly check the return value of the
setup_reply() function called during a TCP connection, which is then
used as a size argument in a function that writes data to the client's
connection. A remote attacker could exploit this issue via a specially
crafted DNS request to cause dnsmasq to crash, or potentially to obtain
sensitive information from process memory.
MDVA-2015:010: timezone
This is a maintenance and bugfix release that upgrades the timezone
data packages and the php-timezonedb packages to the 2015d version.
MDVSA-2015:226: fcgi
Updated fcgi packages fix security vulnerability:
FCGI does not perform range checks on file descriptors before using
them with the FD_SET macro. This could allow more than 1024 total file
descriptors to be monitored in the closing state. A remote attacker may
be able to cause a denial of service (stack memory corruption, and an
infinite loop or daemon crash) by opening many socket connections to
the host and crashing the service (CVE-2012-6687).
MDVSA-2015:225: cherokee
Updated cherokee packages fix security vulnerability:
The cherokee_validator_ldap_check function in validator_ldap.c in
Cherokee 1.2.103 and earlier, when LDAP is used, does not properly
consider unauthenticated-bind semantics, which allows remote attackers
to bypass authentication via an empty password (CVE-2014-4668).
MDVSA-2015:224: ruby
Updated ruby packages fix security vulnerability:
Ruby's OpenSSL hostname matching implementation violates RFC 6125
(CVE-2015-1855).
The ruby packages for MBS2 have been updated to version 2.0.0-p645,
which fixes this issue.
MDVSA-2015:223: directfb
Updated directfb packages fix security vulnerabilities:
Multiple integer signedness errors in the Dispatch_Write function
in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers a
stack-based buffer overflow (CVE-2014-2977).
The Dispatch_Write function in
proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via the Voodoo interface, which triggers an
out-of-bounds write (CVE-2014-2978).