Resolved Bugs
1232971 – drupal6-6.36 is available<br
– Release 6.36 is a security fix release
– Upstream release notes: https://www.drupal.org/drupal-6.36-release-notes

Resolved Bugs
1232206 – sizeof – kernel core/modules x 10
1231454 – Updated Polish translation
1230798 – run-elflint-self test failure with 0.162 with –enable-gcov
1170810 – Fuzzing elfutils — various badness
1139815 – Ukrainian translation update
1129756 – Unwinding core fails in vDSO frame when elf_begin is called with ELF_C_READ
1020842 – libelf: segment fault on x86-64 while file’s bss offset have a large number
1230468 – BuildRequires on glibc-devel not glibc-headers.<br
Update to 0.163. Hardening fixes. Updated eu-addr2line utility. Various bug fixes. Updated translations.
Update to 0.162. Hardening fixes. Updated eu-addr2line utility. Various bug fixes.

Resolved Bugs
1232131 – CVE-2015-3164 xorg-x11-server: Xwayland allows unconditional open access to display [fedora-all]<br
Upstream stable release of xserver 1.17.2
fix bug with glamor and overlapping copies
(CVE-2015-3164) Due to an omission in authentication setup, the XWayland server would start up in non-authenticating mode, meaning that any client with access to the server’s UNIX socket was able to connect to the server and use it as a regular client. http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html

Resolved Bugs
1206411 – python-jwt-1.3.0 is available
1231173 – python-jwt: token verification bypass with “none” algorithm
1231174 – python-jwt: token verification bypass with “none” algorithm [fedora-all]<br
Latest upstream with security fix for http://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

Resolved Bugs
1231871 – CVE-2015-4556 chicken: out-of-bounds read in CHICKEN Scheme’s string-translate* procedure<br
Apply patch to work around out of bounds bug: BZ 1231871.

Resolved Bugs
1232896 – CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression) [fedora-all]<br
release 1.3.3.12

Resolved Bugs
1232972 – drupal7-7.38 is available<br
– Release 7.38 is a security fix release
– Upstream release notes: https://www.drupal.org/drupal-7.38-release-notes

Resolved Bugs
1206411 – python-jwt-1.3.0 is available
1231173 – python-jwt: token verification bypass with “none” algorithm
1231174 – python-jwt: token verification bypass with “none” algorithm [fedora-all]<br
Latest upstream with security fix for http://seclists.org/oss-sec/2015/q2/3 https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a

Fix CVE-2015-1851 (RHBZ #1231822)

Resolved Bugs
1233334 – CVE-2015-1840 rubygem-jquery-rails: CSRF Vulnerability in jquery-ujs and jquery-rails
1233336 – CVE-2015-1840 rubygem-jquery-rails: CSRF Vulnerability in jquery-ujs and jquery-rails [fedora-all]<br
Security fix for CVE-2015-1840