Debian Linux Security Advisory 3404-1 – Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application’s settings.

Red Hat Security Advisory 2015-2515-01 – Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user’s system.

Red Hat Security Advisory 2015-2516-01 – Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Ubuntu Security Notice 2820-1 – Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.

HP Security Bulletin HPSBGN03523 1 – A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.

Ubuntu Security Notice 2818-1 – It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code.

Debian Linux Security Advisory 3406-1 – It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 3405-1 – Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.

Red Hat Security Advisory 2015-2520-01 – The Network Time Protocol is used to synchronize a computer’s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client’s polling interval value, and effectively disable synchronization with the server.

Red Hat Security Advisory 2015-2519-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.