(Jan 1) Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. For the stable distribution (stretch), this problem has been fixed in
(Dec 30) **Archive_Tar version 1.4.4** * Fix Bug #21058: Long symlinks are not supported [mrook] * Fix Bug #23782: Prevent phar:// files from being extracted [mrook] — **PEAR** * drop deprecated option used when running `pear run-tests`
(Dec 26) Resiliency is an important factor to consider when evaluating an email security solution, yet this characteristic often goes overlooked. …
(Dec 27) The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can cause non-whitelisted attributes to be allowed on a whitelisted HTML element.
(Dec 31) Updated to 3.3.4. Security fix by upstream: Anti-Phishing protection. Server-provided text will not appear in user-facing GUI windows anymore. Server error messages are instead parsed and mapped to predefined strings.