Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to
manage ASN.1 structures, does not correctly handle certain malformed DER
certificates. A remote attacker can take advantage of this flaw to cause
an application using the Libtasn1 library to hang, resulting in a denial
of service.

Blake Burkhart discovered an arbitrary code execution flaw in
Mercurial, a distributed version control system, when using the convert
extension on Git repositories with specially crafted names. This flaw in
particular affects automated code conversion services that allow
arbitrary repository names.

Two vulnerabilities were discovered in openafs, an implementation of the
distributed filesystem AFS. The Common Vulnerabilities and Exposures
project identifies the following problems:

It was discovered that libpam-sshauth, a PAM module to authenticate
using an SSH server, does not correctly handle system users. In certain
configurations an attacker can take advantage of this flaw to gain root
privileges.

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.

Several vulnerabilities have been discovered in the chromium web browser.

Several security vulnerabilities were found in botan1.10, a C++
library which provides support for many common cryptographic
operations, including encryption, authentication, X.509v3 certificates
and CRLs.

Several vulnerabilities were discovered in tardiff, a tarball comparison
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

It was discovered that a heap overflow in the Poppler PDF library may
result in denial of service and potentially the execution of arbitrary
code if a malformed PDF file is opened.

Several vulnerabilities were discovered in Subversion, a version control
system. The Common Vulnerabilities and Exposures project identifies the
following problems: