Two vulnerabilities were reported in BIND, a DNS server.
Category Archives: Debian
Debian Security Advisories
DSA-3678 python-django – security update
Sergey Bobrov discovered that cookie parsing in Django and Google
Analytics interacted in such a way that an attacker could set arbitrary
cookies. This allows other malicious web sites to bypass the
Cross-Site Request Forgery (CSRF) protections built into Django.
DSA-3677 libarchive – security update
Several vulnerabilities were discovered in libarchive, a multi-format
archive and compression library, which may lead to denial of service
(memory consumption and application crash), bypass of sandboxing
restrictions and overwriting of arbitrary files with arbitrary data from an
archive, or the execution of arbitrary code.
DSA-3676 unadf – security update
Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract
files from an Amiga Disk File dump (.adf):
DSA-3675 imagemagick – security update
This update fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service or the execution of arbitrary code if
malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.
DSA-3674 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
information disclosure.
DSA-3673 openssl – security update
Several vulnerabilities were discovered in OpenSSL:
DSA-3672 irssi – security update
Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely
exploitable crash and heap corruption vulnerabilities in the format
parsing code in Irssi, a terminal-based IRC client.
DSA-3671 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors for H.225,
Catapult DCT2000, UMTS FP and IPMI, which could result in denial of
service or the execution of arbitrary code.
DSA-3668 mailman – security update
It was discovered that there was a CSRF vulnerability in mailman, a
web-based mailing list manager, which could allow an attacker to obtain
a user’s password.