security updates

have to check views and entityreference for custom patches

sites/all/modules/contrib/mail/mimemail/README.txt

@@ -112,6 +112,10 @@
   CSS definitions into tags within the HTML based on the CSS selectors. To use the
   Compressor, just enable it.
 
+  The 'send arbitrary files' permission allows you to attach or embed files located
+  outside Drupal's public files directory. Note that this has security implications:
+  arbitrary means even your settings.php! Give to trusted roles only!
+
 
 -- CREDITS --