Two vulnerabilities have been discovered in dokuwiki. Access control in
the media manager was insufficiently restricted and authentication could
be bypassed when using Active Directory for LDAP authentication.

Chad Vizino reported a vulnerability in torque, a PBS-derived batch
processing queueing system. A non-root user could exploit the flaw in
the tm_adopt() library call to kill any process, including root-owned
ones on any node in a job.

Sogeti found a denial of service flaw in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, would lead to excessive CPU consumption
(denial of service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default behavior.
(CVE-2014-3660)

Several vulnerabilities were discovered in libtasn1-3, a library that
manages ASN1 (Abstract Syntax Notation One) structures. An attacker
could use those to cause a denial-of-service via out-of-bounds access
or NULL pointer dereference.

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol
instant messaging client:

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle’s
Critical Patch Update advisory for further details:

Gunnar Wolf uploaded new packages for Drupal7 which fixed the
following security problems:

CVE 2014-3704 / SA-CORE-2014-005:
   Highly critical: Pre Auth SQL injection

   The expandArguments function in the database abstraction API in
   Drupal core 7.x before 7.32 does not properly construct prepared
   statements, which allows remote attackers to conduct SQL injection
   attacks via an array containing crafted keys. 

   https://www.drupal.org/SA-CORE-2014-005
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
   https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html

For the squeeze-backports distribution the problems have been fixed in
version 7.14-2+deb7u7~bpo60+1.

For the wheezy-backports distribution the problems have been fixed in
version 7.32-1~bpo70+1.

Several vulnerabilities have been found in OpenSSL, the Secure Sockets
Layer library and toolkit.

Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors, buffer
overflows, use-after-frees and other implementation errors may lead to
the execution of arbitrary code, denial of service, the bypass of the
same-origin policy or a loss of privacy.

Jouni Malinen discovered an input sanitization issue in the wpa_cli and
hostapd_cli tools included in the wpa package. A remote wifi system
within range could provide a crafted string triggering arbitrary code
execution running with privileges of the affected wpa_cli or hostapd_cli
process.