Rack could be made to crash if it received specially crafted network traffic.
Comment
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed Farbfeld, Wireless Bitmap, DICOM or Apple Icon images are opened.
It was discovered that the symlink validation in node-tar-fs, a Node.js module that provides filesystem-like access to tar files, could be bypassed.
Firefox 140.3.1 has been released, which fixes connection errors with some sites; if HTTP/3 connections failed, the fallback is now handled more gracefully.
Eugene Medvedev discovered that nncp, a package facilitating secure store-and-forward file and mail exchange, was susceptible to path traversal with the freq and file commands.