Pierre Kim discovered two vulnerabilities in the restful API of Ganeti,
a virtual server cluster management tool. SSL parameter negotiation
could result in denial of service and the DRBD secret could leak.
Debian Security Advisories
DSA-3430 libxml2 – security update
Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive information, or
crash the application.
DSA-3429 foomatic-filters – security update
Michal Kowalczyk and Adam Chester discovered that missing input
sanitising in the foomatic-rip print filter might result in the
execution of arbitrary commands.
DSA-3428 tomcat8 – security update
It was discovered that malicious web applications could use the
Expression Language to bypass protections of a Security Manager as
expressions were evaluated within a privileged code section.
DSA-3427 blueman – security update
It was discovered that the Mechanism plugin of Blueman, a graphical
Bluetooth manager, allows local privilege escalation.
DSA-3426 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, information leak
or data loss.
DSA-3425 tryton-server – security update
Cédric Krier discovered a vulnerability in the server side of Tryton, an
application framework written in Python. An authenticated malicious
user can write arbitrary values into record fields because access
permissions were not checked when multiple records are written at once.
DSA-3422 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors,
integer overflows, use-after-frees and other implementation errors
may lead to the execution of arbitrary code, bypass of the same-origin
policy or denial of service.
DSA-3421 grub2 – security update
Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group,
found an integer underflow vulnerability in Grub2, a popular bootloader.
A local attacker can bypass the Grub2 authentication by inserting a
crafted input as username or password.
DSA-3424 subversion – security update
Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows
an attacker with write access to the server to execute arbitrary code or
cause a denial of service.