Moritz Mühlenhoff

**Name of the Vulnerable Software and Affected Versions** Iceweasel-firegpg versions prior to 0.6 **Description** A symlink issue exists due to insecure tempfile handling. **Recommendations** For versions prior to 0.6, update to version 0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** konversation versions prior to 1.2.3 **Description** The issue allows attackers to cause a denial of service. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jetty versions prior to 6.1.21 **Description** The issue is related to a stored XSS vulnerability in the Cookie Dump Servlet. **Recommendations** For versions prior to 6.1.21, update to version 6.1.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jetty versions prior to 6.1.21 **Description** The issue is related to a WebApp JSP Snoop page XSS in jetty. **Recommendations** For versions prior to 6.1.21, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** jetty versions prior to 6.1.22 **Description** The issue is related to a Dump Servlet information leak in jetty. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jetty versions prior to 6.1.22 **Description** The issue concerns a JSP Dump and Session Dump Servlet XSS in jetty. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libvpx versions prior to the fixed version Android versions Android-10 **Description** The issue is related to a missing bounds check in libvpx, which could lead to a possible out of bounds read. This may result in remote information disclosure without requiring additional execution privileges. User interaction is necessary for exploitation. **Recommendations** For libvpx, update to a version that includes the fix for the out of bounds read issue. For Android versions Android-10, apply the security patch that addresses the libvpx vulnerability. As a temporary workaround, consider restricting access to multimedia content that utilizes the libvpx library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Notmuch versions prior to 0.11.1 **Description** The issue allows user-assisted remote attackers to read arbitrary files via crafted MML tags. When using the Emacs interface, these tags are not properly quoted in an email reply, which can cause the files to be attached to the message. **Recommendations** For versions prior to 0.11.1, update to version 0.11.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MML tags in email replies until the update is applied.