Nixpkgs: Vulnerability Roundup 10

Created on 23 Nov 2016 · 22 Comments · Source: NixOS/nixpkgs

This is a special roundup!

  1. We have now been doing this for two full months (since September 22)
  2. We have run 10 roundups
  3. We have examined 997 vulnerabilities (!)

This is also special because it is the first time the tooling I've written can be open source, AND LWN has given me written permission to be using their database for this purpose. This tooling now lives at https://github.com/NixOS/security.


Here are all the vulnerabilities from https://lwn.net/Vulnerabilities
since our last roundup.

cc: @FRidh, @fpletz, @NeQuissimus, and @phanimahesh.

_Note:_ The list of people CC'd on this issue participated in the last
roundup. If you participate on this roundup, I'll cc you on the next
one. If you don't participate in the next one, you won't be CC'd on
the one after that. If you would like to be CC'd on the next roundup,
add a comment to the most recent vulnerability roundup. If you
would like to be CC'd on _all_ roundups, leave a comment and tell
@grahamc so.

Permanent CC's: @joepie91, @NixOS/security-notifications
(if you no longer want to be CC'd, ask to be removed from this list)

Notes on the list

  1. The reports have been roughly grouped by the package name. This
    isn't perfect, but is intended to help identify if a whole group
    of reports is resolved already.
  2. Some issues will be duplicated, because they affect multiple packages.
    For example, there are sometimes problems that impact thunderbird,
    and firefox. LWN might report in one vulnerability "thunderbird
    firefox". These names have been split to make sure both packages get
    addressed.
  3. By each issue is a link to code search for the package name, and
    a GitHub search by filename. These are to help, but may not return
    results when we do in fact package the software. If a search
    doesn't turn up, please try altering the search criteria or
    looking in nixpkgs manually before asserting we don't have it.
  4. This issue is created by https://github.com/NixOS/security

Instructions:

  1. Triage a report: If we don't have the software or our version isn't
    vulnerable, tick the box or add a comment with the report number,
    stating it isn't vulnerable.
  2. Fix the issue: If we do have the software and it is vulnerable,
    either leave a comment on this issue saying so, or even open a pull
    request with the fix. If you open a PR, make sure to tag this
    issue so we can coordinate.
  3. When an entire section is completed, move the section to the
    "Triaged and Resolved Issues" details block below.

Upon Completion ...

  • [x] Run the issue through reformat one last time
  • [x] Review commits since last roundup for backport candidates
  • [x] Update https://github.com/NixOS/nixpkgs/issues/13515 with a
    summary.
  • [x] Update the database at https://github.com/NixOS/security

Without further ado...

Assorted (23 issues)

  • [x] [#706586](https://lwn.net/Vulnerabilities/706586/) (search, files) gst-plugins-bad0.10: code execution
  • [x] [#706842](https://lwn.net/Vulnerabilities/706842/) (search, files) gst-plugins-bad: code execution
  • [x] [#706851](https://lwn.net/Vulnerabilities/706851/) (search, files) graphicsmagick: denial of service
  • [x] [#706582](https://lwn.net/Vulnerabilities/706582/) (search, files) akonadi: denial of service
  • [x] [#706577](https://lwn.net/Vulnerabilities/706577/) (search, files) atomic-openshift: redirect network traffic
  • [x] [#706846](https://lwn.net/Vulnerabilities/706846/) (search, files) libtiff: multiple vulnerabilities
  • [x] [#707046](https://lwn.net/Vulnerabilities/707046/) (search, files) qemu: denial of service
  • [x] [#707037](https://lwn.net/Vulnerabilities/707037/) (search, files) ipsilon: information leak/denial of service
  • [x] [#663078](https://lwn.net/Vulnerabilities/663078/) (search, files) krb5: multiple vulnerabilities
  • [x] [#638448](https://lwn.net/Vulnerabilities/638448/) (search, files) mongodb: denial of service
  • [x] [#707043](https://lwn.net/Vulnerabilities/707043/) (search, files) sniffit: privilege escalation
  • [x] [#707040](https://lwn.net/Vulnerabilities/707040/) (search, files) w3m: multiple vulnerabilities
  • [x] [#706844](https://lwn.net/Vulnerabilities/706844/) (search, files) gnuchess: code execution
  • [x] [#706588](https://lwn.net/Vulnerabilities/706588/) (search, files) libarchive: unspecified
  • [x] [#635283](https://lwn.net/Vulnerabilities/635283/) (search, files) libuv: privilege escalation
  • [x] [#706852](https://lwn.net/Vulnerabilities/706852/) (search, files) otrs: code execution
  • [x] [#707038](https://lwn.net/Vulnerabilities/707038/) (search, files) drupal: multiple vulnerabilities
  • [x] [#706734](https://lwn.net/Vulnerabilities/706734/) (search, files) firefox: timing side channel
  • [x] [#707045](https://lwn.net/Vulnerabilities/707045/) (search, files) moodle: multiple vulnerabilities
  • [x] [#706581](https://lwn.net/Vulnerabilities/706581/) (search, files) nss, nss-util: two vulnerabilities
  • [x] [#706581](https://lwn.net/Vulnerabilities/706581/) (search, files) nss, nss-util: two vulnerabilities
  • [x] [#707039](https://lwn.net/Vulnerabilities/707039/) (search, files) php: code execution
  • [x] [#706848](https://lwn.net/Vulnerabilities/706848/) (search, files) wireshark: multiple vulnerabilities

drupal7 (2 issues)

  • [x] [#707041](https://lwn.net/Vulnerabilities/707041/) (search, files) drupal7: URL injection
  • [x] [#706841](https://lwn.net/Vulnerabilities/706841/) (search, files) drupal: multiple vulnerabilities

firefox (3 issues)

  • [x] [#707047](https://lwn.net/Vulnerabilities/707047/) (search, files) mozilla: code execution
  • [x] [#706580](https://lwn.net/Vulnerabilities/706580/) (search, files) firefox: multiple vulnerabilities
  • [x] [#706731](https://lwn.net/Vulnerabilities/706731/) (search, files) firefox: multiple vulnerabilities

kernel (2 issues)

  • [x] [#706735](https://lwn.net/Vulnerabilities/706735/) (search, files) kernel: denial of service
  • [x] [#707044](https://lwn.net/Vulnerabilities/707044/) (search, files) kernel: denial of service
security

All 22 comments

PHP and wireshark were updated recently to fix the mentioned issues.

Patch for #706735 is in Linux kernel 4.8.10 (which we already have) but looks like the other issue isn't patched already.

Oh hrm I already marked the kernel as done. Unchecked 706735. (I marked it done b/c we had all the up to date kernels, is how I usually approach those.)

Qemu looks like we need an additional patch for CVE-2016-7907.

I'm building qemu right now with the patch for CVE-2016-7907. :wink:

A bit occupied atm, will get to these as soon as I can, can take a while. Since this is my first, it may take some time for me to familiarize myself with the process.

Also @grahamc, "If you would like to be CC'd on the next roundup" is repeated twice in the message.

Edit: https://github.com/NixOS/security/pull/1 (first pr! yayyy :P)

According to https://security-tracker.debian.org/tracker/CVE-2016-8862, the graphicsmagick issue here is due to a bad patch for another CVE.

Libarchive needs an update, have it staged here: https://github.com/NixOS/nixpkgs/pull/20668

Gnuchess in the rollup.

w3m in the rollup.

krb5 was an old announcement we already patched against.

Mongodb needs updating to .11, about to push a patch to my rollup.

I was mistaken, our version is _not_ impacted by the mongodb issue reported.

The Akonadi issue appears to be configuration related on debian.

@globin, @dezgeg, @ttuegel -- it looks like there are some security updates in gstreamer 1.10.1. 16.09 is running 1.8.x. Is this a safe update? How should we handle this?

@fpletz I just pushed your qemu patch to my roundup branch, and will backport it as well.

Updated libtiff to 4.0.7 which fixed all our patches + some more CVEs.

Good work guys. Sorry, I could not be of any help this time around...

That is OK, @NeQuissimus :) can you check in to the kernel thing?

That CVE was fixed in 4.8.7 (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7) and 4.4.31 (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.31), respectively. We are good on both 4.8.x and 4.4.x kernels.

graphicsmagick seems to be fine.

@grahamc I did the gstreamer update to 1.10.1 due to the security issues in 7a6185d9a1eb18fa09892fdef01a5193968cf704 but didn't backport it yet because I wasn't sure if it breaks anything. I did some testing but didn't have the time to build every dependency.

The changelog doesn't mention any breaking or incompatible changes, though, just additions to the API. The note about packaging is not relevant for us because we don't have architecture-independent expressions. So this might actually be quite safe. :+1:

All done. Good work, everyone!

https://abi-laboratory.pro/tracker/ thinks the gstreamer update is safe API+ABI-wise.
