Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors and
buffer overflows may lead to the execution of arbitrary code or denial
of service.
Category Archives: Debian
Debian Security Advisories
DSA-3560 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
DSA-3558 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, denial of service or information disclosure.
DSA-3557 mysql-5.5 – security update
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle’s
Critical Patch Update advisory for further details:
DSA-3556 libgd2 – security update
Hans Jerry Illikainen discovered that libgd2, a library for programmatic
graphics creation and manipulation, suffers from a signedness
vulnerability which may result in a heap overflow when processing
specially crafted compressed gd2 data. A remote attacker can take
advantage of this flaw to cause an application using the libgd2 library
to crash, or, potentially, to execute arbitrary code with the privileges
of the user running the application.
DSA-3555 imlib2 – security update
Several vulnerabilities were discovered in imlib2, an image manipulation
library.
DSA-3553 varnish – security update
Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP
reverse proxy, is vulnerable to HTTP smuggling issues, potentially
resulting in cache poisoning or bypassing of access control policies.
DSA-3554 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:
DSA-3552 tomcat7 – security update
Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in information disclosure,
the bypass of CSRF protections and bypass of the SecurityManager.
DSA-3551 fuseiso – security update
It was discovered that fuseiso, a user-space implementation of the
ISO 9660 file system based on FUSE, contains several vulnerabilities.