Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.
Category Archives: Debian
Debian Security Advisories
DSA-3189 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
DSA-3190 putty – security update
Patrick Coleman discovered that the PuTTY SSH client failed to wipe out
unused sensitive memory.
DSA-3186 nss – security update
It was discovered that the Mozilla Network Security Service library
(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could
possibly use this issue to perform a data-smuggling attack.
DSA-3183 movabletype-opensource – security update
Multiple vulnerabilities have been discovered in Movable Type, a
blogging system. The Common Vulnerabilities and Exposures project
identifies the following problems:
DSA-3185 libgcrypt11 – security update
Multiple vulnerabilities were discovered in libgcrypt:
DSA-3184 gnupg – security update
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:
DSA-3182 libssh2 – security update
Mariusz Ziulek reported that libssh2, an SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server. A
malicious attacker could man-in-the-middle a real server and cause a
client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.
DSA-3177 mod-gnutls – security update
Thomas Klute discovered that in mod-gnutls, an Apache module providing
SSL and TLS encryption with GnuTLS, a bug caused the server’s client
verify mode not to be considered at all if the directory’s
configuration was unset. Clients with invalid certificates were then
able to leverage this flaw to get access to that directory.
DSA-3181 xen – security update
Multiple security issues have been found in the Xen virtualisation
solution: