Fedora – Security Updates
Fedora 20 Security Update: python-django-1.6.10-1.fc20
Resolved Bugs
1181939 – CVE-2015-0219 python-django: Django: WSGI header spoofing via underscore/dash conflation [fedora-all]
1181943 – CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-all]
1181946 – CVE-2015-0221 python-django: Django: denial of service attack against django.views.static.serve [fedora-all]
1181951 – CVE-2015-0222 python-django: Django: database denial of service with ModelMultipleChoiceField [fedora-all]
1179679 – CVE-2015-0221 Django: denial of service attack against django.views.static.serve
1179672 – CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation
1179685 – CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField
fix CVE-2015-0219 (rhbz#1181939)
Fedora 21 Security Update: arc-5.21p-5.fc21
Fedora 20 Security Update: qpid-cpp-0.30-5.fc20
Fedora 21 Security Update: binutils-2.24-30.fc21
Resolved Bugs
1162666 – CVE-2014-8738 binutils: out of bounds memory write
1162655 – CVE-2014-8737 binutils: directory traversal vulnerability
1149660 – gcc-ar crashes with core and then ‘cannot find symbol’ is reported in 4.9.1, while no issue reported with 4.8.3
Fix problems with the ar program reported in FSF PR 17533
Fedora 21 Security Update: thunderbird-31.4.0-1.fc21
Resolved Bugs
1172386 – security update thunderbird for EPEL7
For list of changes see https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
See https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/ for changes.
Fedora 21 Security Update: suricata-2.0.6-1.fc21
Resolved Bugs
1173605 – libhtp: denial of service with specific packets
1173607 – suricata: libhtp: denial of service with specific packets [fedora-all]
This is a new upstream release fixing several serious bugs: reports of evasion issues, sequence gaps in TCP stream reassembly under TLS detection, a segfault in libhtp 0.5.15 which can lead to denial of service, and several others. See the change log for details.
Fedora EPEL 6 Security Update: docker-io-1.4.1-3.el6
Resolved Bugs
1169593 – Creates /.docker
1175144 – docker-io-1.4.1 is available
1173950 – docker-io can’t be installed on rhel 6.5 due to requirement device-mapper-libs >= 1.02.90-1
1173325 – CVE-2014-9357 CVE-2014-9356 CVE-2014-9358 docker-io: various flaws [epel-6]
1172761 – CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
1172782 – CVE-2014-9357 docker: Escalation of privileges during decompression of LZMA archives
1172787 – CVE-2014-9358 docker: Path traversal and spoofing opportunities presented through image identifiers
set DOCKER_CERT_PATH outside of sysconfig file
don’t require fish for fish-completion as it’s unavailable
Resolves: rhbz#1175144 – update to 1.4.1
Resolves: rhbz#1173950 remove min version requirements on device-mapper-libs
Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356
Fedora EPEL 7 Security Update: thunderbird-31.4.0-1.el7
Resolved Bugs
1172386 – security update thunderbird for EPEL7
For list of changes see https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/
See https://www.mozilla.org/en-US/thunderbird/31.3.0/releasenotes/ for changes.
Fedora EPEL 7 Security Update: python-django-1.6.10-1.el7
Resolved Bugs
1179672 – CVE-2015-0219 Django: WSGI header spoofing via underscore/dash conflation
1181941 – CVE-2015-0219 python-django: Django: WSGI header spoofing via underscore/dash conflation [epel-7]
1179675 – CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
1181945 – CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-7]
1179679 – CVE-2015-0221 Django: denial of service attack against django.views.static.serve
1181948 – CVE-2015-0221 python-django: Django: denial of service attack against django.views.static.serve [epel-7]
1181952 – CVE-2015-0222 python-django: Django: database denial of service with ModelMultipleChoiceField [epel-7]
1179685 – CVE-2015-0222 Django: database denial of service with ModelMultipleChoiceField
fix CVE-2015-0219 (rhbz#1181939)
update to 1.6.9