Upstream support for the 4.3 release series has ended and since no
information is available which would allow backports of isolated
security fixes, security support for virtualbox in jessie needed to be
ended as well.

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

Roland Tapken discovered that insufficient input sanitising in KMail’s
plain text viewer allowed the injection of HTML code.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

It has been discovered that Tor treats the contents of some buffer
chunks as if they were a NUL-terminated string. This issue could
enable a remote attacker to crash a Tor client, hidden service, relay,
or authority.

It was discovered that the zebra daemon in the Quagga routing suite
suffered from a stack-based buffer overflow when processing IPv6
Neighbor Discovery messages.

Multiple vulnerabilities have been discovered in the GD Graphics Library,
which may result in denial of service or potentially the execution of
arbitrary code if a malformed file is processed.

Multiple vulnerabilities were discovered in the FreeImage multimedia
library, which might result in denial of service or the execution of
arbitrary code if a malformed XMP or RAW image is processed.

Several vulnerabilities were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which may lead to the execution of arbitrary
code or information disclosure if a specially crafted Postscript file is
processed.

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.