Category Archives: Fedora
Fedora – Security Updates
Fedora 21 Security Update: seamonkey-2.33-1.fc21
Resolved Bugs
1201308 – seamonkey-2.33.source is available
Update to 2.33
Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info.
Fedora 21 Security Update: powerpc-utils-python-1.2.1-7.fc21
Resolved Bugs
1190597 – CVE-2014-8165 powerpc-utils-python: arbitrary code execution due to unpickling untrusted input [fedora-all]
* Fixing arbitrary code execution
Fedora 20 Security Update: webkitgtk3-2.2.8-3.fc20
Fixes CVE-2015-2330, late TLS certificate verification. This issue affects applications using the WebKit 2 API that opt in to connection failures using WEBKIT_TLS_ERRORS_POLICY_FAIL. No applications included in Fedora 20 are known to be impacted by this issue, as none are known to use WEBKIT_TLS_ERRORS_POLICY_FAIL; however, if you develop an application using WebKit 2, it may be affected. Note that applications that do not use this policy cannot be secure.
Fedora 21 Security Update: python-requests-2.5.3-2.fc21,python-urllib3-1.10.2-1.fc21
Resolved Bugs
1202906 – CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability [fedora-21]
1202904 – CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability
Backport of patch to not ascribe cookies to the target domain.
– https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
– http://www.openwall.com/lists/oss-security/2015/03/14/4
Fedora 21 Security Update: varnish-4.0.3-3.fc21
Resolved Bugs
1200034 – varnish: heap-based buffer overflow in backend server HTTP response parsing
1200035 – varnish: heap-based buffer overflow in backend server HTTP response parsing [fedora-all]
This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
For a detailed list of changes, please see the project’s announcement at https://www.varnish-cache.org/content/varnish-cache-403
Fedora 22 Security Update: python-requests-2.5.3-2.fc22,python-urllib3-1.10.2-1.fc22
Backport of patch to not ascribe cookies to the target domain.
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
http://www.openwall.com/lists/oss-security/2015/03/14/4
Fedora 22 Security Update: kernel-4.0.0-0.rc4.git0.1.fc22
Resolved Bugs
1201532 – Merge clickpad patch for i2c touchpads
1181166 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
1200950 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access [fedora-all]
1196266 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120)
1200397 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120) [fedora-all]
1200777 – Fix touchpads on the Oct 2014 series of the Lenovo *40 series
1200778 – Support the Lenovo X1 Carbon 3rd touchpad (kernel)
1199312 – Building kernel-4.0.0-0.rc2.git0.1 on F21 gives rpmbuild error for insecure path.
Update to latest upstream 4.0 release, Linux v4.0-rc4. This also should fix some aarch64 hangs and builds with variant set. UEFI ESRT support is added.
Fedora 22 Security Update: varnish-4.0.3-3.fc22
Resolved Bugs
1200034 – varnish: heap-based buffer overflow in backend server HTTP response parsing
1200035 – varnish: heap-based buffer overflow in backend server HTTP response parsing [fedora-all]
Added an update that fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
For a detailed list of changes, please see the project’s announcement at https://www.varnish-cache.org/content/varnish-cache-403
Fedora 21 Security Update: kernel-3.19.1-201.fc21
Resolved Bugs
1195355 – CVE-2015-2042 kernel: rds: information handling flaw in rds sysctl files.
1199365 – CVE-2015-2042 kernel: rds: information handling flaw in rds sysctl files. [fedora-all]
1200777 – Fix touchpads on the Oct 2014 series of the Lenovo *40 series
1200778 – Support the Lenovo X1 Carbon 3rd touchpad (kernel)
1196266 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120)
1200397 – CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120) [fedora-all]
1069027 – Cannot turn on Screen with radeon drivers after resume of suspend.
1181166 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
1200950 – CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access [fedora-all]
1201532 – Merge clickpad patch for i2c touchpads
The 3.19.1 rebase contains improved hardware support, a number of new features, and many important fixes across the tree.