Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
More info:
https://www.debian.org/security/2018/dsa-4264
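The advisory names the combination of CommonMiddleware and APPEND_SLASH but not the mechanism. The following is an added illustration, not code from Django or from the advisory, of the general hazard behind slash-appending redirects: if a request path that begins with two slashes is turned into a Location header by appending a slash, browsers read the result as a protocol-relative URL and leave the site. The function names, the escaping strategy (percent-encoding the second leading slash) and the sample paths are all assumptions made for this example; it does not claim to reproduce Django's exact code path.

```python
"""Added example: why appending a slash to a request path can become an
open redirect, and one way to neutralise it. Not Django's own code."""


def append_slash_redirect(path: str, escape_leading: bool) -> str:
    """Return the Location value an APPEND_SLASH-style redirect would emit.

    Assumption for this example: the target is simply the request path with
    a trailing slash added. With escape_leading=False this is the naive
    form; with escape_leading=True a leading '//' is rewritten to '/%2F'
    so the browser keeps treating the value as a same-origin path.
    """
    target = path if path.endswith("/") else path + "/"
    if escape_leading and target.startswith("//"):
        # '//host/...' is a scheme-relative URL, i.e. a different origin.
        # Percent-encoding the second slash keeps it a local path.
        target = "/%2F" + target[2:]
    return target


def is_protocol_relative(location: str) -> bool:
    """True if a browser would resolve this Location against another host."""
    return location.startswith("//")


def audit_paths(paths, escape_leading: bool):
    """Return the (path, location) pairs that would redirect off-site."""
    bad = []
    for p in paths:
        loc = append_slash_redirect(p, escape_leading)
        if is_protocol_relative(loc):
            bad.append((p, loc))
    return bad


# Constructed sample request paths, not taken from any real log.
SAMPLE_PATHS = [
    "/accounts",            # ordinary missing-slash request
    "/accounts/",           # already has a slash, nothing appended
    "//evil.example",       # attacker-supplied protocol-relative path
    "//evil.example/login",
]

if __name__ == "__main__":
    print("naive  :", audit_paths(SAMPLE_PATHS, escape_leading=False))
    print("escaped:", audit_paths(SAMPLE_PATHS, escape_leading=True))
```

Running the block shows the naive form redirecting two of the four sample paths to evil.example, while the escaped form redirects none off-site. The same check can be pointed at real access-log paths to see whether an application that still relies on an unpatched slash-append redirect is being probed with double-slash prefixes.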
Jann Horn discovered a directory traversal vulnerability in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of this flaw to retrieve arbitrary files via a specially crafted request, unless the enable-http-clone option (enabled by default, enable-http-clone=1) has been turned off.
More info:
https://www.debian.org/security/2018/dsa-4263
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.
More info:
https://www.debian.org/security/2018/dsa-4265
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.
More info:
https://www.debian.org/security/2018/dsa-4262