Andrea Basile discovered that the archive plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.
More info:
https://www.debian.org/security/2018/dsa-4181
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception (TROVE-2018-001).
More info:
https://www.debian.org/security/2018/dsa-4183
Several vulnerabilities have been discovered in the chromium web browser.
More info:
https://www.debian.org/security/2018/dsa-4182