Resolved Bugs
1182154 – CVE-2015-1196 patch: directory traversal via symlinks
1182157 – patch: directory traversal via symlinks [fedora-all]
This update applies upstream fixes for CVE-2015-1196, directory traversal via symlink, as well as an integer overflow in line number handling.
Category Archives: Fedora
Fedora – Security Updates
Fedora 21 Security Update: xdg-utils-1.1.0-0.35.rc3.fc21
Refresh packaging to 1.1.0-rc3 and include a fix for a possible command injection vulnerability; see https://bugs.freedesktop.org/show_bug.cgi?id=66670
Fedora 20 Security Update: xdg-utils-1.1.0-0.35.rc3.fc20
Refresh packaging to 1.1.0-rc3 and include a fix for a possible command injection vulnerability; see https://bugs.freedesktop.org/show_bug.cgi?id=66670
Fedora 21 Security Update: android-tools-20141219git8393e50-2.fc21
Resolved Bugs
1062095 – CVE-2014-1909 android-tools: stack-based buffer overflow flaw in Android Debug Bridge (ADB) client
1062096 – android-tools: stack-based buffer overflow flaw in Android Debug Bridge (ADB) client [fedora-all]
967216 – Device is offline if adb started via systemd
1175475 – ADB and other Android tools are outdated
Harden android-tools
Update to 5.0.2 release
Fedora 21 Security Update: kernel-3.18.3-201.fc21
Resolved Bugs
1183232 – [regression] no GPU acceleration in 3.18, no video output in vlc and mplayer
1183289 – USB3 devices broken in 3.18 kernel
1181054 – CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library
1181056 – CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library [fedora-all]
1178975 – endless loop in clock_gettime() on a kvm-based VM
1124119 – usb 3.0 HDD SCSI UASP
1094948 – Backlight control doesn’t work on the Samsung N145P netbook
1115713 – backlight problem with Intel i915 integrated graphics adapter in N4xx/N5xx Atom after kernel 3.14.2
1163574 – Backlight control needs kernel param: video.use_native_backlight=0
The 3.18.3 update contains a number of important fixes across the tree. The 201 build should also fix most of the i915 issues seen in testing on 3.18.2-200.
The 3.18.2 kernel rebase contains several new features as well as several fixes across the tree.
Fedora EPEL 7 Security Update: qpid-cpp-0.30-4.el7
Resolved Bugs
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by authenticated user
Resolves: BZ#1181721
Enabled building the linear store.
Fedora 21 Security Update: qpid-cpp-0.30-4.fc21
Resolved Bugs
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by authenticated user
Resolves: BZ#1181721
Fedora 20 Security Update: python-django14-1.4.18-1.fc20
Resolved Bugs
1179672 – CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation
1179675 – CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
1179679 – CVE-2015-0221 Django: denial of service attack against django.views.static.serve
1179685 – CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField
1181940 – CVE-2015-0219 python-django14: Django: WSGI header spoofing via underscore/dash conflation [fedora-20]
1181944 – CVE-2015-0220 python-django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-20]
1181947 – CVE-2015-0221 python-django14: Django: denial of service attack against django.views.static.serve [fedora-20]
Update to 1.4.18, fixing multiple CVEs.
Fedora 20 Security Update: thunderbird-31.4.0-1.fc20
Resolved Bugs
1172386 – security update thunderbird for EPEL7
For the list of changes, see https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
See https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/ for changes.
Fedora 20 Security Update: suricata-2.0.6-1.fc20
This is a new upstream release fixing several serious bugs: reports of evasion issues, sequence gaps in TCP stream reassembly under TLS detection, a segfault in libhtp 0.5.15 which can lead to denial of service, and several others. See the change log for details.