Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
Category Archives: Debian
Debian Security Advisories
DSA-3687 nspr – security update
Two vulnerabilities were reported in NSPR, a library to abstract over
operating system interfaces developed by the Mozilla project.
DSA-3688 nss – security update
Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project.
DSA-3686 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
DSA-3685 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.8
DSA-3684 libdbd-mysql-perl – security update
Paul Rohar discovered that libdbd-mysql-perl, the Perl DBI database
driver for MySQL and MariaDB, constructed an error message in a
fixed-length buffer, leading to a crash (_FORTIFY_SOURCE failure) and,
potentially, to denial of service.
DSA-3683 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3682 c-ares – security update
Gzob Qq discovered that the query-building functions in c-ares, an
asynchronous DNS request library, would not correctly process crafted
query names, resulting in a heap buffer overflow and potentially
leading to arbitrary code execution.
DSA-3681 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging tool,
which could allow remote attackers to compromise a site via cross-site
scripting, cross-site request forgery, path traversal, or bypass restrictions.
DSA-3679 jackrabbit – security update
Lukas Reschke discovered that Apache Jackrabbit, an implementation of
the Content Repository for Java Technology API, did not correctly
check the Content-Type header on HTTP POST requests, enabling
Cross-Site Request Forgery (CSRF) attacks by malicious web sites.