(Aug 8) Multiple CVE fixes.
Comment
(Aug 6) libxcursor could be made to crash or run programs if it opened a specially crafted file.
(Aug 6) LFTP could be made to crash if it received specially crafted file.
(Aug 8) Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.
(Aug 7) New upstream version 0.7alpha. Fixes CVE-2018-14679 libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks