Resolved Bugs
1205138 – CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
1207724 – CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers [fedora-all]
1205134 – CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests
1207723 – CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests [fedora-all]
1205140 – CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
1207725 – CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions [fedora-all]
1183873 – subversion must depend on systemd or systemd-units
This update includes the latest stable release of **Apache Subversion**, version **1.8.13**.
Three security vulnerabilities are fixed in this update:
* CVE-2015-0202: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
* CVE-2015-0248: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
* CVE-2015-0251: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
In addition, the following changes are included in the Subversion 1.8.13 update:
**Client-side bugfixes:**
* ra_serf: prevent abort of commits that have already succeeded
* ra_serf: support case-insensitivity in HTTP headers
* better error message if an external is shadowed
* ra_svn: fix reporting of directory read errors
* fix a redirect handling bug in ‘svn log’ over HTTP
* properly copy tree conflict information
* fix ‘svn patch’ output for reordered hunks http://subversion.tigris.org/issues/show_bug.cgi?id=4533
* svnrdump load: don’t load wrong props with no-deltas dump http://subversion.tigris.org/issues/show_bug.cgi?id=4551
* fix working copy corruption with relative file external http://subversion.tigris.org/issues/show_bug.cgi?id=4411
* don’t crash if config file is unreadable
* svn resolve: don’t ask a question with only one answer
* fix assertion failure in svn move
* working copy performance improvements
* handle existing working copies which become externals
* fix recording of WC meta-data for foreign repos copies
* fix calculating repository path of replaced directories
* fix calculating repository path after commit of switched nodes
* svnrdump: don’t provide HEAD+1 as base revision for deletes
* don’t leave conflict markers on files that are moved
* avoid unnecessary subtree mergeinfo recording
* fix diff of a locally copied directory with props
**Server-side bugfixes:**
* fsfs: fix a problem verifying pre-1.4 repos used with 1.8
* svnadmin freeze: fix memory allocation error
* svnadmin load: tolerate invalid mergeinfo at r0
* svnadmin load: strip references to r1 from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4538
* svnsync: strip any r0 references from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=4476
* fsfs: reduce memory consumption when operating on dag nodes
* reject invalid get-location-segments requests in mod_dav_svn and svnserve
* mod_dav_svn: reject invalid txnprop change requests
**Client-side and server-side bugfixes:**
* fix undefined behaviour in string buffer routines
* fix consistency issues with APR r/w locks on Windows
* fix occasional SEGV if threads load DSOs in parallel
* properly duplicate svn error objects
* fix use-after-free in config parser
Monthly Archives: July 2015
Fedora 21 Security Update: ipython-2.4.1-7.fc21
Resolved Bugs
1243842 – ipython: cross-site request forgery in get_origin()
1243843 – ipython: ipython: cross-site request forgery in get_origin() [fedora-all]
1219956 – not loading font-awesome in the notebook
1219997 – ipython in pylab qt mode prevents import of PyQt4
Fix CSRF issue.
– Fix font-awesome paths (bug #1219956)
– Add upstream patch to fix PyQt4 import (bug #1219997)
– Use python2 macros, fix python3 shebang fix
Fix fontawesome path
Fedora 22 Security Update: wpa_supplicant-2.4-4.fc22
Resolved Bugs
1241907 – hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation [fedora-all]
The update adds a patch for the security issue in bug 1241907.
Fedora 21 Security Update: polkit-0.113-4.fc21
Resolved Bugs
910262 – [abrt] polkit-0.107-4.fc18: js::PropertyTable::search: Process /usr/lib/polkit-1/polkitd was killed by signal 11 (SIGSEGV)
1177930 – [abrt] polkit: LookupPropertyWithFlagsInline(): polkitd killed by SIGSEGV
1228738 – CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
1233808 – CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
1175061 – [abrt] polkit: js::ShapeTable::search(): polkitd killed by SIGSEGV
1194391 – [abrt] polkit: getObjectClass(): polkitd killed by SIGSEGV
1228739 – CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent [fedora-all]
1233810 – CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping [fedora-all]
1243004 – dnf upgrade polkit fails because of packaging issues
Security fix for CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625.
Please make sure to reboot or run `systemctl restart polkit.service` after applying this update.
Fedora 21 Security Update: xrdp-0.6.1-11.fc21
Resolved Bugs
1194213 – xrdp: denial of service when validating user accounts against plain passwd files/via shadow-utils
Attempt to fix this DoS.
Fedora 22 Security Update: hplip-3.15.7-1.fc22
Fedora 21 Security Update: wpa_supplicant-2.0-14.fc21
Resolved Bugs
1241907 – hostapd and wpa_supplicant: Incomplete WPS and P2P NFC NDEF record payload length validation [fedora-all]
The update adds a patch for the security issue in bug 1241907.
Fedora 22 Security Update: ipython-2.4.1-7.fc22
Resolved Bugs
1243842 – ipython: cross-site request forgery in get_origin()
1243843 – ipython: ipython: cross-site request forgery in get_origin() [fedora-all]
1219956 – not loading font-awesome in the notebook
1219997 – ipython in pylab qt mode prevents import of PyQt4
Fix CSRF issue.
– Fix font-awesome paths (bug #1219956)
– Add upstream patch to fix PyQt4 import (bug #1219997)
– Use python2 macros, fix python3 shebang fix
Fix fontawesome path
Fedora 22 Security Update: xrdp-0.9.0-2.fc22
Fedora 22 Security Update: httpd-2.4.16-1.fc22
Resolved Bugs
1243894 – CVE-2015-3185 CVE-2015-3183 CVE-2015-0253 httpd: various flaws [fedora-all]
1243887 – CVE-2015-3183 httpd: chunk header parsing defect
1243888 – CVE-2015-3185 httpd: replacement of ap_some_auth_required with new ap_some_authn_required and ap_force_authn
1243891 – CVE-2015-0253 httpd: a crash with ErrorDocument 400 pointing to a local URL-path
1202988 – CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug
1232127 – CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug [fedora-all]
1187888 – httpd-2.4.16 is available
Update to new version 2.4.16. This update fixes various bugs as well as a few security issues.
For full changelog, see http://www.apache.org/dist/httpd/CHANGES_2.4.16