Resolved Bugs
1093273 – CVE-2014-0363 smack: incorrect X.509 certificate validation
1093274 – CVE-2014-0363 smack: incorrect X.509 validation [fedora-all]<br
fix for CVE-2014-0363 (rhbz#1093274)

Resolved Bugs
1167537 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009)
1170650 – CVE-2014-9029 jasper: incorrect component number check in COC, RGN and QCC marker segment decoders (oCERT-2014-009) [fedora-all]<br
Fixes CVE-2014-9029 vulnerability.

Resolved Bugs
1056338 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False
1056339 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False [fedora-all]<br
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False

Resolved Bugs
1170597 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords
1170600 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [epel-6]<br
phpMyAdmin 4.0.10.7 (2014-12-03)
================================
– [security] DOS attack with long passwords

Resolved Bugs
1088105 – CVE-2014-2893 llvm: insecure temporary file handling in clang’s scan-build utility<br
Fix for CVE-2014-2893.

Resolved Bugs
1170597 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords
1170601 – CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [epel-7]
1170604 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism
1170606 – CVE-2014-9219 phpMyAdmin: XSS vulnerability in redirection mechanism [epel-7]<br
phpMyAdmin 4.2.13.1 (2014-12-03)
================================
– [security] XSS vulnerability in redirection mechanism
– [security] DOS attack with long passwords

Resolved Bugs
1168146 – CVE-2014-9091 icecast: supplementary groups are not overriden
1168147 – CVE-2014-9091 icecast: supplementary groups are not overriden [fedora-all]
1168148 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-5]
1168149 – CVE-2014-9091 icecast: supplementary groups are not overriden [epel-6]
1165880 – CVE-2014-9018 icecast: possible leak of on-connect scripts
1165882 – icecast: possible leak of on-connect scripts [fedora-all]
1165883 – icecast: possible leak of on-connect scripts [epel-5]
1165885 – icecast: possible leak of on-connect scripts [epel-6]
954320 – icecast package should be built with PIE flags
1101950 – icecast-2.4.1 is available<br
**fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)**
**fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)**
**enabled fully hardened build (#954320)**
* update new to release v2.4.1 (#1101950)
* added doc-subpkg

kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).

Resolved Bugs
1056338 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False
1056339 – CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False [fedora-all]<br
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in get_runtime_dir() when strict=False

kronolith 4.2.4
* [jan] Make access to non-CalDAV remote calendars faster (Bug #12379).
* [jan] Continue with further events if parsing of one remote event date fails.
* [jan] Fix JS error in month view with more events today than the maximum threshold.
* [mjr] Fix fatal error when creating or modifying an entry via PUT.
* [mjr] Don’t show private event details in daily agenda emails if not the owner (Bug #13660).