Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962

Resolved Bugs
1169665 – CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
1169668 – CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[] [epel-6]<br
Security fix for CVE-2014-8123

Resolved Bugs
1169487 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]
1169488 – CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]<br
Fix for CVE-2014-8104.
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

Resolved Bugs
1169375 – Disable SSL 3.0 in erlang-ssl
1059331 – CVE-2014-1693 erlang-inets: command injection flaw in FTP module
1059335 – CVE-2014-1693 erlang: erlang-inets: command injection flaw in FTP module [epel-all]
1161922 – Too many dependencies from Erlang<br
* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for further details – https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain

Resolved Bugs
1169698 – CVE-2014-9028 CVE-2014-8962 flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962

Resolved Bugs
1167571 – CVE-2014-9112 cpio: heap-based buffer overflow flaw in list_file()
1167573 – cpio: heap-based buffer overflow flaw in list_file() [fedora-all]<br
Security fix for CVE-2014-9112 (#1167573)

Resolved Bugs
1169665 – CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[]
1169666 – CVE-2014-8123 antiword: buffer overflow of atPPSlist[].szName[] [fedora-all]<br
Security fix for CVE-2014-8123

New Firefox release – 34.0.

Resolved Bugs
1169699 – CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
1167236 – CVE-2014-8962 flac: Heap buffer read overflow when processing ID3V2 metadata
1167741 – CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_<br
Security fix for CVE-2014-9028, CVE-2014-8962

Resolved Bugs
1168438 – Update to 1.8.12
1142581 – CVE-2014-3638 CVE-2014-3639 CVE-2014-3636 CVE-2014-3637 CVE-2014-3635 dbus: various flaws [fedora-all]
1140523 – CVE-2014-3635 dbus: heap-based buffer overflow flaw in file descriptor passing
1140525 – CVE-2014-3636 dbus: denial of service by queuing or splitting file descriptors
1140527 – CVE-2014-3637 dbus: denial of service by creating unkillable D-Bus connections
1140529 – CVE-2014-3638 dbus: denial of service in method call handling
1140532 – CVE-2014-3639 dbus: denial of service flaw in incomplete connection handling<br
Update to 1.8.12 (#1168438)
* Fixes CVE-2014-3635 (fd.o#83622)
* Fixes CVE-2014-3636 (fd.o#82820)
* Fixes CVE-2014-3637 (fd.o#80559)
* Fixes CVE-2014-3638 (fd.o#81053)
* Fixes CVE-2014-3639 (fd.o#80919)
* Fixes CVE-2014-7824 (fd.o#85105)