Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.

Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information disclosure.

Several vulnerabilities were found in SPIP, a website engine for
publishing, resulting in code injection.

A local root privilege escalation vulnerability was found in Exim,
Debian’s default mail transfer agent, in configurations using the
perl_startup option (Only Exim via exim4-daemon-heavy enables Perl
support).

Multiple vulnerabilities were discovered in the dissectors/parsers for
DNP, RSL, LLRP, GSM A-bis OML, ASN 1 BER which could result in denial
of service.

Multiple vulnerabilities have been found in the Graphite font rendering
engine which might result in denial of service or the execution of
arbitrary code if a malformed font file is processed.

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

Several vulnerabilities have been discovered in the chromium web browser.

Two vulnerabilities have been discovered in Rails, a web application
framework written in Ruby. Both vulnerabilities affect Action Pack, which
handles the web requests for Rails.

Two vulnerabilites have been discovered in ISC’s BIND DNS server.