Security support for the chromium web browser is now discontinued
for the stable distribution (wheezy). Chromium upstream stopped
supporting wheezy’s build environment (gcc 4.7, make, etc.), so
there is no longer any practical way to continue building security
updates.

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

Jakub Wilk discovered that in requests, an HTTP library for the Python
language, authentication information was improperly handled when a
redirect occured. This would allow remote servers to obtain two
different types of sensitive information: proxy passwords from the
Proxy-Authorization header
(CVE-2014-1830), or netrc passwords from the Authorization header
(CVE-2014-1829).

Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing
HTTP proxy, which might result in denial of service.

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

Two vulnerabilities have been discovered in VirtualBox, a x86
virtualisation solution, which might result in denial of service.

Several vulnerabilities have been fixed in eglibc, Debian’s version of
the GNU C library:

Multiple vulnerabilities were discovered in the dissectors/parsers for
SSL/TLS and DEC DNA, which could result in denial of service.

Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.

Matthew Daley discovered that squid, a web proxy cache, does not
properly perform input validation when parsing requests. A remote
attacker could use this flaw to mount a denial of service attack, by
sending specially crafted Range requests.