Resolved Bugs
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155364 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [epel-5]
1155365 – CVE-2014-8326 phpMyAdmin4: phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [epel-5]
phpMyAdmin 4.0.10.5 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer
Fedora EPEL 7 Security Update: konversation-1.5-7.el7
Fedora EPEL 7 Security Update: hostapd-2.3-1.el7
Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151262 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [epel-7]
Security fix for CVE-2014-3686. Update to version 2.3 from upstream.
Fedora EPEL 7 Security Update: konversation-1.5-6.el7
Fedora EPEL 6 Security Update: konversation-1.3.1-2.el6
Fedora EPEL 7 Security Update: Pound-2.7-0.4.d.el7.1
Resolved Bugs
1155982 – Pound POODLE exploit
Rebase to 2.7d. Notably allows disabling protocols known to be bad to prevent “POODLE” attack.
Fedora EPEL 6 Security Update: seamonkey-2.28-1.ESR_31.2.0.el6
Update to the codebase of Extended Support Release (ESR) 31.2.0
Fixes various security issues, see https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html and https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html for more info
Fedora EPEL 6 Security Update: Pound-2.6-2.el6.1
Resolved Bugs
1154335 – Upgrade to latest 2.6 release of Pound
Backport various security fixes.
Note that these are usually extra options that need to be enabled manually, so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encoding response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix