Multiple vulnerabilities were found in OpenLDAP, a free implementation
of the Lightweight Directory Access Protocol.
Category Archives: Debian
Debian Security Advisories
DSA-3208 freexl – security update
Jodie Cunningham discovered multiple vulnerabilities in freexl, a
library to read Microsoft Excel spreadsheets, which might result in
denial of service or the execution of arbitrary code if a malformed Excel
file is opened.
DSA-3207 shibboleth-sp2 – security update
A denial of service vulnerability was found in the Shibboleth (a
federated identity framework) Service Provider. When processing certain
malformed SAML messages generated by an authenticated attacker, the
daemon could crash.
DSA-3206 dulwich – security update
Multiple vulnerabilities have been discovered in Dulwich, a Python
implementation of the file formats and protocols used by the Git version
control system. The Common Vulnerabilities and Exposures project
identifies the following problems:
DSA-3205 batik – security update
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit
for processing SVG images, would load XML external entities by
default. If a user or automated system were tricked into opening a
specially crafted SVG file, an attacker could possibly obtain access
to arbitrary files or cause resource consumption.
DSA-3204 python-django – security update
Daniel Chatfield discovered that python-django, a high-level Python web
development framework, incorrectly handled user-supplied redirect URLs.
A remote attacker could use this flaw to perform a cross-site scripting
attack.
DSA-3202 mono – security update
Researchers at INRIA and Xamarin discovered several vulnerabilities in
mono, a platform for running and developing applications based on the
ECMA/ISO Standards. Mono’s TLS stack contained several problems that
hampered its capabilities: those issues could lead to client
impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening
(via FREAK).
DSA-3203 tor – security update
Several denial-of-service issues have been discovered in Tor, a
connection-based low-latency anonymous communication system.
DSA-3201 iceweasel – security update
Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser. The Common Vulnerabilities and
Exposures project identifies the following problems:
DSA-3200 drupal7 – security update
Multiple vulnerabilities have been found in the Drupal content management
framework. More information can be found at