Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197274 – CVE-2015-0295 QT: BMP image handler crash [fedora-all]
DoS vulnerability in the BMP image handler (CVE-2015-0295)
Category Archives: Fedora
Fedora – Security Updates
Fedora 21 Security Update: qt-4.8.6-25.fc21
Fedora 21 Security Update: gnupg-1.4.19-1.fc21
New upstream v1.4.19
– Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]
– Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837]
Fedora 21 Security Update: qt3-3.3.8b-62.fc21
Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.
Fedora 22 Security Update: qt3-3.3.8b-62.fc22
Resolved Bugs
1197273 – CVE-2015-0295 QT: BMP image handler crash
1197275 – CVE-2015-0295 qt3: QT: BMP image handler crash [fedora-all]
This update fixes CVE-2015-0295, a division by zero when loading some specific invalid BMP/DIB image files, which could be exploited for denial of service (application crash) attacks. The security patch is backported from Qt 4.
Fedora 22 Security Update: qt-4.8.6-25.fc22
Fedora 22 Security Update: gnupg-1.4.19-1.fc22
New upstream v1.4.19
– Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]
– Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837]
Fedora 21 Security Update: libpng10-1.0.63-1.fc21
Resolved Bugs
1196912 – libpng10-1.0.63 is available
1179186 – CVE-2014-9495 libpng: buffer overflow in png_combine_row
1177327 – CVE-2015-0973 libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images
This update addresses a couple of buffer overflows that might allow context-dependent attackers to execute arbitrary code via very wide PNG images.
Fedora 21 Security Update: drupal7-entity-1.6-1.fc21
Resolved Bugs
1196750 – drupal7-entity-1.6 is available
## 7.x-1.6
See [SA-CONTRIB-2015-053 – Entity API – Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905)
Changes since 7.x-1.5:
– by klausi: Sanitize field labels before passing them to the Token API.
– Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field.
– Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter.
– Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access().
– Issue #1651824 by meatsack | joachim: Fixed ‘entity_test’ table has incorrect declaration of foreign keys.
– Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle.
– Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing ‘path’ index.
– Issue #1104286: Support generating database schema for date properties.
– Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token.
Fedora 20 Security Update: glibc-2.18-19.fc20
Resolved Bugs
1157689 – CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified
1167569 – CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified [fedora-all]
1135841 – CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
1135842 – glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) [fedora-all]
– Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
– Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified