Emanuele Rocca discovered that ppp, a daemon implementing the
Point-to-Point Protocol, was subject to a buffer overflow when
communicating with a RADIUS server. This would allow unauthenticated
users to cause a denial-of-service by crashing the daemon.
Category Archives: Debian
Debian Security Advisories
DSA-3226 inspircd – security update
Adam discovered several problems in inspircd, an IRC daemon:
DSA-3225 gst-plugins-bad0.10 – security update
Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4
playback, which could lead to the execution of arbitrary code.
DSA-3227 movabletype-opensource – security update
John Lightsey discovered a format string injection vulnerability in the
localisation of templates in Movable Type, a blogging system. An
unauthenticated remote attacker could take advantage of this flaw to
execute arbitrary code as the web server user.
[BSA-103] Security Update for shibboleth-sp
Matthew Vernon uploaded new packages for shibboleth-sp which fixed the
following security problems:
CVE-2015-2684: A denial of service vulnerability was found in the
Shibboleth (a federated identity framework) Service Provider. When
processing certain malformed SAML messages generated by an authenticated
attacker, the daemon could crash.
For the wheezy-backports distribution the problems have been fixed in
version 2.5.3+dfsg-2~bpo70+1.
DSA-3222 chrony – security update
Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony,
an alternative NTP client and server:
DSA-3221 das-watchdog – security update
Adam Sampson discovered a buffer overflow in the handling of the
XAUTHORITY environment variable in das-watchdog, a watchdog daemon to
ensure a realtime process won’t hang the machine. A local user can
exploit this flaw to escalate his privileges and execute arbitrary
code as root.
DSA-3223 ntp – security update
Multiple vulnerabilities were discovered in ntp, an implementation of the
Network Time Protocol:
DSA-3224 libx11 – security update
Abhishek Arya discovered a buffer overflow in the MakeBigReq macro
provided by libx11, which could result in denial of service or the
execution of arbitrary code.
DSA-3220 libtasn1-3 – security update
Hanno Boeck discovered a stack-based buffer overflow in the
asn1_der_decoding function in Libtasn1, a library to manage ASN.1
structures. A remote attacker could take advantage of this flaw to cause
an application using the Libtasn1 library to crash, or potentially to
execute arbitrary code.