Matthew Daley discovered that squid, a web proxy cache, does not
properly perform input validation when parsing requests. A remote
attacker could use this flaw to mount a denial of service attack, by
sending specially crafted Range requests.

James Clawson discovered that websvn, a web viewer for Subversion
repositories, would follow symlinks in a repository when presenting a
file for download. An attacker with repository write access could
thereby access any file on disk readable by the user the webserver
runs as.

A vulnerability was discovered in PolarSSL, a lightweight crypto and
SSL/TLS library. A remote attacker could exploit this flaw using
specially crafted certificates to mount a denial of service against an
application linked against the library (application crash), or
potentially, to execute arbitrary code.

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle’s
Critical Patch Update advisory for further details:

A vulnerability has been discovered in the web interface of sympa, a
mailing list manager. An attacker could take advantage of this flaw in
the newsletter posting area, which allows sending to a list, or to
oneself, any file located on the server filesystem and readable by the
sympa user.

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing
HTTP proxy.

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail and news client: Multiple memory safety
errors and implementation errors may lead to the execution of arbitrary
code, information leaks or denial of service.

John Houwer discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user’s preferred application, to execute arbitrary
commands remotely.

It was discovered that lsyncd, a daemon to synchronize local directories
using rsync, performed insufficient sanitising of filenames which might
result in the execution of arbitrary commands.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or information leaks.