Resolved Bugs
1124601 – update thunderbird for EPEL7<br
Update to Thunderbird to latest upstream release, includes a number of bugfixes. Release Notes can be found here: https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/
Latest security update of Mozilla products. See list of changes here:
https://www.mozilla.org/en-US/firefox/32.0/releasenotes/
https://www.mozilla.org/en-US/thunderbird/31.1.0/releasenotes/

Resolved Bugs
1157342 – konversation: out-of-bounds read flaw [fedora-all]
1156418 – CVE-2014-8483 quassel, konversation: out-of-bounds read on a heap-allocated array<br
Pull in 1.5 branch fixes, including… out-of-bounds read flaw (#1157342,1156418)

Resolved Bugs
1157342 – konversation: out-of-bounds read flaw [fedora-all]
1156418 – CVE-2014-8483 quassel, konversation: out-of-bounds read on a heap-allocated array<br
Pull in 1.5 branch fixes, including… out-of-bounds read flaw (#1157342,1156418)

Resolved Bugs
1157304 – CVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
1157306 – CVE-2014-3623 wss4j: Apache WSS4J / Apache CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods [fedora-all]<br
Security fix for CVE-2014-3623)

New features:
– Send list of compliance reasons on dbus
– Added client-side support for –matches on the list command.
Security:
– 1153375: Support TLSv1.2 and v1.1 by default. (CVE-2014-3566)
Bug fixes:
– 1120772: Don’t traceback on missing /ostree/repo
– 1094747: add appdata metdata file
– 1122107: Clarify registration –consumerid option in manpage.
– 1151925: Improved filtered listing output when results are empty.
– 990183: Add a manpage for rhsm.conf

Resolved Bugs
1157342 – konversation: out-of-bounds read flaw [fedora-all]
1156418 – CVE-2014-8483 quassel, konversation: out-of-bounds read on a heap-allocated array<br
pull in 1.5 branch fixes, including… out-of-bounds read flaw (#1157342,1156418)

Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151260 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]<br
Security fix for CVE-2014-3686. Update to version 2.3 from upstream

New features:
– Send list of compliance reasons on dbus
– Added client-side support for –matches on the list command.
Security:
– 1153375: Support TLSv1.2 and v1.1 by default. (CVE-2014-3566)
Bug fixes:
– 1120772: Don’t traceback on missing /ostree/repo
– 1094747: add appdata metdata file
– 1122107: Clarify registration –consumerid option in manpage.
– 1151925: Improved filtered listing output when results are empty.
– 990183: Add a manpage for rhsm.conf

Resolved Bugs
1151259 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
1151260 – CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue [fedora-all]<br
Apply fixes for CVE-2014-3686

Backport various security fixes.
Note they usually are extra options that need
to be enabled manually so that we won’t break functionality:
– CVE-2011-3389: Make it possible to deny use of “BEAST” vulnerable ciphers
– CVE-2012-4929: Disable compression to be safe from “CRIME”
– CVE-2005-2090: Chunked encofing response splitting (no awkward name here)
– CVE-2014-3566: Allow disabling SSLv3 (and others), to be safe from “POODLE”
– A redirect XSS fix