PHP-Horde-Crypt, Passenger, Tomcat7 and more updates for Debian

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-10-1 exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 8 LTS:
DLA 1398-1: php-horde-crypt security update
It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email.

DLA 1399-1: ruby-passenger security update
Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible.

DLA 1400-1: tomcat7 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

DLA 1401-1: graphicsmagick security update
Various security issues were discovered in GraphicsMagick, a collection of image processing tools. Heap-based buffer overflows or over-reads may lead to a denial of service, disclosure of in-memory information, or other unspecified impact when processing a malformed image file.

DLA 1402-1: exiv2 security update
Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

Debian GNU/Linux 9:
DSA 4235-1: firefox-esr security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.

DSA 4236-1: xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor