Category Archives: Fedora

Fedora – Security Updates

Fedora 21 Security Update: xen-4.4.1-16.fc21

Resolved Bugs
1201365 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119) [fedora-all]
1200398 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123) [fedora-all]
1187153 – CVE-2015-1563 xen: vgic: incorrect rate limiting of guest triggered logging on ARM architectures (XSA-118)
1200724 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119)
1196274 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)

Additional patch for XSA-98 on arm64
HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152]
Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151]
Enable building PNGs from fig files, which is working again
Fix oxenstored.service preset preuninstall script
arm: vgic: incorrect rate limiting of guest triggered logging
Information leak via internal x86 system device emulation
Information leak through version information hypercall

Fedora 22 Security Update: xen-4.5.0-6.fc22

Resolved Bugs
1201365 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119) [fedora-all]
1200398 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123) [fedora-all]
1200724 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119)
1196274 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)

Additional patch for XSA-98 on arm64
HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152]
Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151]
Information leak via internal x86 system device emulation
Information leak through version information hypercall
Fix a typo in xen.fedora.systemd.patch

Fedora 21 Security Update: php-ZendFramework2-2.3.7-1.fc21

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController
Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora 20 Security Update: php-ZendFramework2-2.3.7-1.fc20

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController
Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora 22 Security Update: php-ZendFramework2-2.3.7-1.fc22

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController
Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora EPEL 7 Security Update: php-ZendFramework2-2.3.7-1.el7

Version **2.3.7** (2015-03-12)
* #7255 Revert BC break against AbstractRestfulController
Version **2.3.6** (2015-03-12)
* ZF2015-03 Zend\Validator\Csrf was incorrectly testing null or improperly formatted token identifiers, allowing them to pass validation. This release provides patches to correct the behavior. If you use the validator, or the corresponding Zend\Form\Element\Csrf, we recommend upgrading immediately.

Fedora 22 Security Update: xen-4.5.0-5.fc22

Resolved Bugs
1201365 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119) [fedora-all]
1200724 – CVE-2015-2152 xen: HVM qemu unexpectedly enabling emulated VGA graphics backends (XSA 119)
1200398 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123) [fedora-all]
1196274 – CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)

HVM qemu unexpectedly enabling emulated VGA graphics backends [XSA-119, CVE-2015-2152]
Hypervisor memory corruption due to x86 emulator flaw [XSA-123, CVE-2015-2151]
Information leak via internal x86 system device emulation
Information leak through version information hypercall
Fix a typo in xen.fedora.systemd.patch

Fedora 21 Security Update: libssh2-1.5.0-1.fc21

Resolved Bugs
1199511 – libssh2: Using SSH_MSG_KEXINIT data unbounded

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file.
These include a security fix for CVE-2015-1782:
A malicious attacker could man-in-the-middle a real server and cause libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in the client process. There are no known exploits of this flaw at this time.
See http://www.libssh2.org/adv_20150311.html for further details.

Fedora 20 Security Update: libssh2-1.5.0-1.fc20

Resolved Bugs
1199511 – libssh2: Using SSH_MSG_KEXINIT data unbounded

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file.
These include a security fix for CVE-2015-1782:
A malicious attacker could man-in-the-middle a real server and cause libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in the client process. There are no known exploits of this flaw at this time.
See http://www.libssh2.org/adv_20150311.html for further details.

Fedora 22 Security Update: libssh2-1.5.0-1.fc22

Resolved Bugs
1199511 – libssh2: Using SSH_MSG_KEXINIT data unbounded

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file.
These include a security fix for CVE-2015-1782:
A malicious attacker could man-in-the-middle a real server and cause libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in the client process. There are no known exploits of this flaw at this time.
See http://www.libssh2.org/adv_20150311.html for further details.
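The bug class behind CVE-2015-1782 in the three libssh2 entries above is a length taken from the peer's SSH_MSG_KEXINIT and used without checking it against the bytes actually received. The following is an added example in C, not libssh2's code: the packet layout follows RFC 4253 section 7.1, while the function names, the cursor/string structs and the constructed packet are this example's own, and it models only the name-list parsing step.

```c
#include <stdint.h>
#include <string.h>

/* Illustrative SSH_MSG_KEXINIT parsing (RFC 4253 7.1): byte 20, 16-byte cookie,
 * ten name-lists (each an RFC 4251 "string": uint32 big-endian length then that
 * many bytes), a boolean and a reserved uint32. Added example, not libssh2 code. */
#define SSH_MSG_KEXINIT 20
#define KEXINIT_NAMELISTS 10

struct cursor { const unsigned char *p; size_t left; };
struct ssh_string { const unsigned char *data; uint32_t len; };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Vulnerable pattern: the peer-supplied length is trusted as-is. An oversize
 * length puts the string's end beyond the packet, so later compares read
 * unrelated process memory and 'left' wraps. Never call on untrusted input. */
static int get_string_unbounded(struct cursor *c, struct ssh_string *s)
{
    if (c->left < 4) return -1;
    s->len = be32(c->p);
    s->data = c->p + 4;
    c->p += 4 + s->len;             /* may point past the packet */
    c->left -= 4 + s->len;          /* underflows when len > left - 4 */
    return 0;
}

/* Hardened pattern: the declared length must fit in what is actually left. */
static int get_string_bounded(struct cursor *c, struct ssh_string *s)
{
    if (c->left < 4) return -1;
    uint32_t len = be32(c->p);
    if (len > c->left - 4) return -1;   /* length exceeds remaining packet */
    s->len = len;
    s->data = c->p + 4;
    c->p += 4 + len;
    c->left -= 4 + len;
    return 0;
}

typedef int (*get_string_fn)(struct cursor *, struct ssh_string *);

/* Walks a KEXINIT payload with the given string reader. Returns the number of
 * name-lists parsed (10 on success) or -1 if the packet is malformed. */
static int parse_kexinit(const unsigned char *pkt, size_t len, get_string_fn get)
{
    struct cursor c = { pkt, len };
    struct ssh_string s;
    int n;
    if (c.left < 17 || c.p[0] != SSH_MSG_KEXINIT) return -1;
    c.p += 17; c.left -= 17;                  /* message byte + cookie */
    for (n = 0; n < KEXINIT_NAMELISTS; n++)
        if (get(&c, &s) != 0) return -1;
    return c.left < 5 ? -1 : n;               /* boolean + reserved uint32 */
}

/* Bytes beyond the packet that the unbounded reader would trust for the first
 * name-list (0 if consistent). Computed without reading outside pkt. */
static size_t first_namelist_overrun(const unsigned char *pkt, size_t len)
{
    if (len < 21) return 0;
    size_t declared = be32(pkt + 17), avail = len - 21;
    return declared > avail ? declared - avail : 0;
}

/* Writes a constructed KEXINIT payload into buf and returns its length; a
 * non-zero bad_len replaces the first name-list's length field. */
static size_t build_kexinit(unsigned char *buf, size_t cap, uint32_t bad_len)
{
    static const char *lists[KEXINIT_NAMELISTS] = {
        "curve25519-sha256", "ssh-ed25519", "aes128-ctr", "aes128-ctr",
        "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", "" };
    size_t off = 17;
    if (cap < off) return 0;
    buf[0] = SSH_MSG_KEXINIT;
    memset(buf + 1, 0xAB, 16);                /* constructed cookie */
    for (int i = 0; i < KEXINIT_NAMELISTS; i++) {
        uint32_t l = (uint32_t)strlen(lists[i]);
        if (off + 4 + l > cap) return 0;
        put_be32(buf + off, l); off += 4;
        memcpy(buf + off, lists[i], l); off += l;
    }
    if (off + 5 > cap) return 0;
    buf[off++] = 0;                           /* first_kex_packet_follows */
    put_be32(buf + off, 0); off += 4;         /* reserved */
    if (bad_len) put_be32(buf + 17, bad_len);
    return off;
}
```

A client that parses with the unbounded reader and then compares algorithm names against the returned `data`/`len` walks into whatever memory follows the packet buffer, which is the crash or out-of-bounds read the advisory describes; the bounded reader rejects the packet before any such read happens. `first_namelist_overrun` reports how far past the packet an oversize length reaches without performing the read, so the constructed packet with a 0x7fffffff length can be examined safely.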