Markus Vervier of X41 D-Sec GmbH discovered an integer overflow
vulnerability in libotr, an off-the-record (OTR) messaging library, in
the way the sizes of portions of incoming messages were stored. A
remote attacker can exploit this flaw by sending crafted messages to an
application that is using libotr to perform denial of service attacks
(application crash), or potentially, execute arbitrary code with the
privileges of the user running the application.
Debian Security Advisories
DSA-3510 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors,
buffer overflows, use-after-frees and other implementation errors may
lead to the execution of arbitrary code, denial of service, address bar
spoofing and overwriting local files.
DSA-3508 jasper – security update
Several vulnerabilities were discovered in JasPer, a library for
manipulating JPEG-2000 files. The Common Vulnerabilities and Exposures
project identifies the following problems:
DSA-3507 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.
DSA-3504 bsh – security update
Alvaro Muñoz and Christian Schneider discovered that BeanShell, an
embeddable Java source interpreter, could be leveraged to execute
arbitrary commands: applications including BeanShell in their
classpath are vulnerable to this flaw if they deserialize data from an
untrusted source.
DSA-3505 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,
802.11, DIAMETER, VeriWave, RSVP, ANSI A, GSM A, Ascend, NBAP, ZigBee ZCL
and Sniffer which could result in denial of service.
DSA-3506 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library.
DSA-3502 roundup – security update
Ralf Schlatterbeck discovered an information leak in roundup, a
web-based issue tracking system. An authenticated attacker could use it
to see sensitive details about other users, including their hashed
password.
DSA-3426 ctdb – security update
The update for linux issued as DSA-3426-1 and DSA-3434-1 to address
CVE-2015-8543 uncovered a bug in ctdb, a clustered database to store
temporary data, leading to broken clusters. Updated packages are now
available to address this problem.
DSA-3503 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, information
leak or data loss.