Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in potential privilege escalation.
Category Archives: Debian
Debian Security Advisories
[BSA-107] Security Update for horizon
Thomas Goirand uploaded new packages for horizon which fixed the following security problem:
CVE-2015-3988: Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting malicious metadata on a Glance image, a Nova flavor or a Host Aggregate and tricking an administrator into loading the update metadata page. Once executed in a legitimate context, this attack may result in a privilege escalation.
For the jessie-backports distribution the problems have been fixed in 2015.1.0-2~bpo8+1.
DSA-3273 tiff – security update
William Robinet and Michal Zalewski discovered multiple vulnerabilities
in the TIFF library and its tools, which may result in denial of
service or the execution of arbitrary code if a malformed TIFF file
is processed.
[BSA-106] Security Update for nbd
Wouter Verhelst uploaded new packages for nbd which fixed the following security problems:
CVE-2015-0847: Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.
CVE-2013-7441: Tuomas Räsänen discovered that the modern-style negotiation was carried out in the main process before forking the actual client handler. This could allow a remote attacker to cause a denial of service (crash) by querying a non-existent export.
For the squeeze-backports distribution, the problems have been fixed in version 1:3.2-4~deb7u5~bpo60+1. The wheezy-backports and jessie-backports suites do not contain nbd packages, and therefore are not vulnerable (but see DSA-3271-1).
DSA-3272 ipsec-tools – security update
Javantea discovered a NULL pointer dereference flaw in racoon, the
Internet Key Exchange daemon of ipsec-tools. A remote attacker can use
this flaw to cause the IKE daemon to crash via specially crafted UDP
packets, resulting in a denial of service.
DSA-3271 nbd – security update
Tuomas Räsänen discovered that unsafe signal handling in nbd-server, the
server for the Network Block Device protocol, could allow remote
attackers to cause a deadlock in the server process and thus a denial of
service.
DSA-3268 ntfs-3g – security update
Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.
DSA-3270 postgresql-9.4 – security update
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
database system.
DSA-3269 postgresql-9.1 – security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL
database system.
DSA-3267 chromium-browser – security update
Several vulnerabilities were discovered in the chromium web browser.