Multiple security issues have been found in the Mozilla Firefox web
browser: multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
spoofing.
Category Archives: Debian
Debian Security Advisories
DSA-3598 vlc – security update
Patrick Coleman discovered that missing input sanitising in the ADPCM
decoder of the VLC media player may result in the execution of arbitrary
code if a malformed media file is opened.
DSA-3597 expat – security update
Two related issues have been discovered in Expat, a C library for parsing
XML.
DSA-3596 spice – security update
Several vulnerabilities were discovered in spice, a SPICE protocol
client and server library. The Common Vulnerabilities and Exposures
project identifies the following problems:
DSA-3595 mariadb-10.0 – security update
Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.25. Please see the MariaDB 10.0 Release Notes for further
details:
DSA-3594 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3593 libxml2 – security update
Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause a denial-of-service against
the application, or potentially the execution of arbitrary code with the
privileges of the user running the application.
DSA-3592 nginx – security update
It was discovered that a NULL pointer dereference in the Nginx code
responsible for saving client request bodies to a temporary file might
result in denial of service: malformed requests could crash worker
processes.
DSA-3591 imagemagick – security update
Bob Friesenhahn from the GraphicsMagick project discovered a command
injection vulnerability in ImageMagick, a program suite for image
manipulation. An attacker with control over the input image or the input
filename can execute arbitrary commands with the privileges of the user
running the application.
DSA-3590 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.