Several vulnerabilities were discovered in libevent, an asynchronous
event notification library. They would lead to Denial Of Service via
application crash, or remote code execution.

It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.

Editor spell files passed to the vim (Vi IMproved) editor
may result in an integer overflow in memory allocation
and a resulting buffer overflow which potentially
could result in the execution of arbitrary code or denial of
service.

It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.

Thomas Gerbet discovered that viewvc, a web interface for CVS and
Subversion repositories, did not properly sanitize user input. This
problem resulted in a potential Cross-Site Scripting vulnerability.

Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the bypass of
Java sandbox restrictions, denial of service, arbitrary code execution,
incorrect parsing or URLs/LDAP DNs or cryptoraphice timing side channel
attacks.

Several issues have been discovered in PHP, a widely-used open source
general-purpose scripting language.

Luc Lynx discovered that SVG Salamander, a SVG engine for Java was
susceptible to server side request forgery.

Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to hijack victims’
credentials, access sensitive information, execute arbitrary commands,
bypass read and post restrictions, or mount denial-of-service attacks.