Resolved Bugs
1198192 – CVE-2015-2157 putty: failure to scrub private keys from memory after use
1198194 – CVE-2015-2157 putty: failure to scrub private keys from memory after use [fedora-all]<br
Fixed an issue when private keys weren’t scrub from memory after use.

Resolved Bugs
1197826 – xterm: buffer overflow with -S option
1197828 – xterm: buffer overflow with -S option [fedora-all]<br
Security fix for

Resolved Bugs
1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
1064524 – Wrong SELinux type in dokuwiki-selinux package
1150134 – dokuwiki: various security flaws [epel-all]
1174333 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
1061477 – wiki:syntax page requires php-xml to render
1150133 – dokuwiki: various security flaws [fedora-all]
1174331 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
1161816 – dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
1174332 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
1101095 – New release available – 2014-05-05 “Ponder Stibbons”
1164396 – dokuwiki requires apache
1166099 – CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
1164394 – Add dokuwiki to epel7<br
This update fixes CVE-2015-2172
* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7

Resolved Bugs
1198192 – CVE-2015-2157 putty: failure to scrub private keys from memory after use
1198194 – CVE-2015-2157 putty: failure to scrub private keys from memory after use [fedora-all]<br
Fixed an issue when private keys weren’t scrub from memory after use.

Resolved Bugs
1197815 – CVE-2015-0886 jBCrypt: integer overflow in the crypt_raw method
1197816 – CVE-2015-0886 jBCrypt: integer overflow in the crypt_raw method [fedora-all]<br
Security fix for CVE-2015-0886

Resolved Bugs
1196154 – libmspack: various flaws [fedora-all]
1196153 – libmspack: off-by-one(?) buffer under-read in mspack/lzxd.c
1196157 – libmspack: off-by-one buffer over-read in mspack/mszipd.c
1180177 – libmspack: pointer arithmetic overflow during CHM decompression
1180180 – libmspack: pointer arithmetic overflow during CHM decompression [fedora-all]
1180175 – libmspack: denial of service while processing crafted CHM file (floating point exception)
1180178 – libmspack: denial of service while processing crafted CHM file (floating point exception) [fedora-all]
1178867 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress()
1179822 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress() [fedora-all]<br
updated to bugfix release 0.5alpha

Resolved Bugs
1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
1064524 – Wrong SELinux type in dokuwiki-selinux package
1150134 – dokuwiki: various security flaws [epel-all]
1174333 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
1061477 – wiki:syntax page requires php-xml to render
1150133 – dokuwiki: various security flaws [fedora-all]
1174331 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
1161816 – dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
1174332 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
1101095 – New release available – 2014-05-05 “Ponder Stibbons”
1164396 – dokuwiki requires apache
1166099 – CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
1164394 – Add dokuwiki to epel7<br
This update fixes CVE-2015-2172
* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7

Resolved Bugs
1197669 – tcllib: Cross-Site-Scripting (XSS) in html::textarea
1197670 – tcllib: Cross-Site-Scripting (XSS) in html::textarea [fedora-all]
1154007 – tcllib-1.16 is available<br
Security fix for “textarea” issue.
Also, update to new 1.1.6 version.

Resolved Bugs
1198194 – CVE-2015-2157 putty: failure to scrub private keys from memory after use [fedora-all]
1198192 – CVE-2015-2157 putty: failure to scrub private keys from memory after use<br
Fixed an issue when private keys weren’t scrub from memory after use.

New upstream bug-fix release which fixes a security flaw in cups-browsed.