It was discovered that the REXML parser, part of the interpreter for the
Ruby language, could be coerced into allocating large string objects that
could consume all available memory on the system. This could allow remote
attackers to cause a denial of service (crash).

Michal Zalewski and Hanno Boeck discovered several vulnerabilities in
unrtf, a RTF to other formats converter, leading to a denial of service
(application crash) or, potentially, the execution of arbitrary code.

Multiple vulnerabilities were discovered in the interpreter for the Ruby
language:

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database
system.

Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol. The Common Vulnerabilities
and Exposures project identifies the following problems:

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in application crash or possibly having other unspecified impact.

Several vulnerabilities were discovered in Django, a high-level Python
web development framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

Multiple vulnerabilities have been found in krb5, the MIT
implementation of Kerberos:

Florian Weimer, of Red Hat Product Security, discovered an issue in
condor, a distributed workload management system. Upon job completion,
it can optionally notify a user by sending an email; the mailx
invocation used in that process allowed for any authenticated user
able to submit jobs, to execute arbitrary code with the privileges of
the condor user.

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia
player and streamer: