Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user.
Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
gnutls26: the GNU TLS library - commandline utilities - gnutls13: the GNU TLS library - commandline utilities The GnuTLS library could be made to crash under certain conditions.