It was discovered that wireshark, a network protocol analyzer,
contained several vulnerabilities in the dissectors for DCERPC,
AllJoyn, DTN, and OpenFlow, that could lead to various crashes,
denial-of-service, or execution of arbitrary code.
Debian Security Advisories
DSA-3718 drupal7 – security update
Multiple vulnerabilities have been found in the Drupal content management
framework. For additional information, please refer to the upstream advisory
at https://www.drupal.org/SA-CORE-2016-005
DSA-3717 gst-plugins-bad1.0 / gst-plugins-bad0.10 – security update
Chris Evans discovered that the GStreamer plugin to decode VMware screen
capture files allowed the execution of arbitrary code.
DSA-3716 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
bypass of the same-origin policy. Also, a man-in-the-middle attack in
the addon update mechanism has been fixed.
DSA-3715 moin – security update
Several cross-site scripting vulnerabilities were discovered in moin, a
Python clone of WikiWiki. A remote attacker can conduct cross-site
scripting attacks via the GUI editor’s attachment dialogue
(CVE-2016-7146), the AttachFile view (CVE-2016-7148) and the GUI
editor’s link dialogue (CVE-2016-9119).
DSA-3713 gst-plugins-bad0.10 – security update
Chris Evans discovered that the GStreamer 0.10 plugin to decode NES
Sound Format files allowed the execution of arbitrary code. Further
details can be found in his advisory at
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html.
DSA-3714 akonadi – security update
In some configurations the MySQL storage backend for Akonadi, an
extensible cross-desktop Personal Information Management (PIM) storage
service, failed to start after applying the MySQL 5.5.53 security upgrade.
DSA-3712 terminology – security update
Nicolas Braud-Santoni discovered that incorrect sanitising of character
escape sequences in the Terminology terminal emulator may result in the
execution of arbitrary commands.
DSA-3711 mariadb-10.0 – security update
Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.28. Please see the MariaDB 10.0 Release Notes for further
details:
DSA-3710 pillow – security update
Cris Neckar discovered multiple vulnerabilities in Pillow, a Python
imaging library, which may result in the execution of arbitrary code or
information disclosure if a malformed image file is processed.