Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.
Category Archives: Debian
Debian Security Advisories
DSA-3461 freetype – security update
Mateusz Jurczyk discovered multiple vulnerabilities in
Freetype. Opening malformed fonts may result in denial of service or
the execution of arbitrary code.
DSA-3459 mysql-5.5 – security update
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.47. Please see the MySQL 5.5 Release Notes and Oracle’s
Critical Patch Update advisory for further details:
DSA-3456 chromium-browser – security update
Several vulnerabilities were discovered in the chromium web browser.
DSA-3455 curl – security update
Isaac Boukris discovered that cURL, an URL transfer library, reused
NTLM-authenticated proxy connections without properly making sure that
the connection was authenticated with the same credentials as set for
the new transfer. This could lead to HTTP requests being sent over the
connection authenticated as a different user.
DSA-3454 virtualbox – security update
Multiple vulnerabilities have been discovered in VirtualBox, an x86
virtualisation solution.
DSA-3458 openjdk-7 – security update
Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in breakouts of
the Java sandbox, information disclosure, denial of service and insecure
cryptography.
DSA-3457 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors and a
buffer overflow may lead to the execution of arbitrary code. In addition
the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.
DSA-3453 mariadb-10.0 – security update
Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.23. Please see the MariaDB 10.0 Release Notes for further
details:
DSA-3452 claws-mail – security update
DrWhax of the Tails project reported that Claws Mail is missing
range checks in some text conversion functions. A remote attacker
could exploit this to run arbitrary code under the account of a user
that receives a message from them using Claws Mail.