Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.

Multiple security issues have been found in the Xen virtualisation
solution, which may result in denial of service or information disclosure.

Several vulnerabilities were found in SPIP, a website engine for
publishing, resulting in code injection.

A local root privilege escalation vulnerability was found in Exim,
Debian’s default mail transfer agent, in configurations using the
perl_startup option (Only Exim via exim4-daemon-heavy enables Perl
support).

Multiple vulnerabilities were discovered in the dissectors/parsers for
DNP, RSL, LLRP, GSM A-bis OML, ASN 1 BER which could result in denial
of service.

Multiple vulnerabilities have been found in the Graphite font rendering
engine which might result in denial of service or the execution of
arbitrary code if a malformed font file is processed.

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

Several vulnerabilities have been discovered in the chromium web browser.

Markus Vervier of X41 D-Sec GmbH discovered an integer overflow
vulnerability in libotr, an off-the-record (OTR) messaging library, in
the way how the sizes of portions of incoming messages were stored. A
remote attacker can exploit this flaw by sending crafted messages to an
application that is using libotr to perform denial of service attacks
(application crash), or potentially, execute arbitrary code with the
privileges of the user running the application.

Multiple security issues have been found in Iceweasel, Debian’s version
of the Mozilla Firefox web browser: Multiple memory safety errors,
buffer overflows, use-after-frees and other implementation errors may
lead to the execution of arbitrary code, denial of service, address bar
spoofing and overwriting local files.