(Apr 1) Santosh Ananthakrishnan discovered a use-after-free in remctl, a server for Kerberos-authenticated command execution. If the command is configured with the sudo option, this could potentially result in the execution of arbitrary code.
(Apr 1) It was discovered that insufficient input sanitising in libevt, a library to access the Windows Event Log (EVT) format, could result in denial of service or the execution of arbitrary code if a malformed EVT file is processed.
(Apr 1) James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator’s chars() and words() methods
(Apr 1) Multiple vulnerabilities have been discovered in Irssi, a terminal-based IRC client which can result in denial of service. For the stable distribution (stretch), these problems have been fixed in