Nixpkgs: Vulnerability Roundup 19

Created on 25 Jan 2017 · 28 Comments · Source: NixOS/nixpkgs

Here are all the vulnerabilities from https://lwn.net/Vulnerabilities
since our last roundup.

cc: @vcunat @the-kenny @7c6f434c @globin @bachp @nlewo @fpletz @NeQuissimus. (nice group!)

_Note:_ The list of people CC'd on this issue participated in the last
roundup. If you participate on this roundup, I'll cc you on the next
one. If you don't participate in the next one, you won't be CC'd on
the one after that. If you would like to be CC'd on the next roundup,
add a comment to the most recent vulnerability roundup.

Permanent CC's: @joepie91, @phanimahesh, @the-kenny,
@NixOS/security-notifications
If you would like to be CC'd on _all_ roundups (or removed from the
list), open a PR editing
https://github.com/NixOS/security/blob/master/lwnvulns/src/bin/instructions.md.

Notes on the list

  1. The reports have been roughly grouped by the package name. This
    isn't perfect, but is intended to help identify if a whole group
    of reports is resolved already.
  2. Some issues will be duplicated, because they affect multiple
    packages. For example, there are sometimes problems that impact
    thunderbird and firefox. LWN might report in one vulnerability
    "thunderbird firefox". These names have been split to make sure
    both packages get addressed.
  3. By each issue is a link to code search for the package name, and
    a Github search by filename. These are to help, but may not return
    results when we do in fact package the software. If a search
    doesn't turn up, please try altering the search criteria or
    looking in nixpkgs manually before asserting we don't have it.
  4. This issue is created by https://github.com/NixOS/security

Instructions:

  1. Triage a report: If we don't have the software or our version isn't
    vulnerable, tick the box or add a comment with the report number,
    stating it isn't vulnerable.
  2. Fix the issue: If we do have the software and it is vulnerable,
    either leave a comment on this issue saying so, or even open a pull
    request with the fix. If you open a PR, make sure to tag this
    issue so we can coordinate.
  3. When an entire section is completed, move the section to the
    "Triaged and Resolved Issues" details block below.

Upon Completion ...

  • [x] Run the issue through reformat one last time
  • [ ] Review commits since last roundup for backport candidates
  • [ ] Send an update e-mail to [email protected]
  • [x] Update the database at https://github.com/NixOS/security

Without further ado...

Assorted (28 issues)

  • [x] [#712299](https://lwn.net/Vulnerabilities/712299/) (search, files) ed: denial of service
  • [x] [#712364](https://lwn.net/Vulnerabilities/712364/) (search, files) gd: two denial of service flaws
  • [x] [#712065](https://lwn.net/Vulnerabilities/712065/) (search, files) libav: multiple vulnerabilities
  • [x] [#640613](https://lwn.net/Vulnerabilities/640613/) (search, files) ppp: denial of service
  • [x] [#662269](https://lwn.net/Vulnerabilities/662269/) (search, files) squid: nonce replay vulnerability
  • [x] [#711945](https://lwn.net/Vulnerabilities/711945/) (search, files) webkit2gtk: multiple vulnerabilities
  • [x] [#712297](https://lwn.net/Vulnerabilities/712297/) (search, files) groovy: code execution
  • [x] [#712057](https://lwn.net/Vulnerabilities/712057/) (search, files) java: multiple vulnerabilities
  • [x] [#712058](https://lwn.net/Vulnerabilities/712058/) (search, files) java: multiple vulnerabilities
  • [x] [#712059](https://lwn.net/Vulnerabilities/712059/) (search, files) java: two unspecified vulnerabilities
  • [x] [#712369](https://lwn.net/Vulnerabilities/712369/) (search, files) kernel: privilege escalation
  • [x] [#712067](https://lwn.net/Vulnerabilities/712067/) (search, files) mariadb: multiple unspecified vulnerabilities
  • [x] [#712068](https://lwn.net/Vulnerabilities/712068/) (search, files) mysql: multiple vulnerabilities
  • [x] [#642649](https://lwn.net/Vulnerabilities/642649/) (search, files) DirectFB: two vulnerabilities
  • [x] [#480386](https://lwn.net/Vulnerabilities/480386/) (search, files) cvs: remote code execution
  • [x] [#644511](https://lwn.net/Vulnerabilities/644511/) (search, files) dcraw: denial of service
  • [x] [#712370](https://lwn.net/Vulnerabilities/712370/) (search, files) firejail: three vulnerabilities
  • [x] [#712359](https://lwn.net/Vulnerabilities/712359/) (search, files) hesiod: two vulnerabilities
  • [x] [#712300](https://lwn.net/Vulnerabilities/712300/) (search, files) libnl3: privilege escalation
  • [x] [#712363](https://lwn.net/Vulnerabilities/712363/) (search, files) tiff: code execution
  • [x] [#610398](https://lwn.net/Vulnerabilities/610398/) (search, files) lua: code execution
  • [x] [#712060](https://lwn.net/Vulnerabilities/712060/) (search, files) mapserver: code execution
  • [x] [#712298](https://lwn.net/Vulnerabilities/712298/) (search, files) opus: code execution
  • [x] [#712155](https://lwn.net/Vulnerabilities/712155/) (search, files) php: code execution
  • [x] [#711946](https://lwn.net/Vulnerabilities/711946/) (search, files) php-PHPMailer: information disclosure
  • [x] [#712371](https://lwn.net/Vulnerabilities/712371/) (search, files) t1lib: code execution
  • [x] [#712304](https://lwn.net/Vulnerabilities/712304/) (search, files) xtrabackup: information disclosure

qemu (2 issues)

  • [x] [#712302](https://lwn.net/Vulnerabilities/712302/) (search, files) qemu: denial of service
  • [x] [#712301](https://lwn.net/Vulnerabilities/712301/) (search, files) qemu: denial of service
All 28 comments

lua5_1: that's an old bug

Re: qemu: what is the current status of maybe-we-should-update-to-2.8?

firejail: old story

I never saw a PR come through trying 2.8, and I'd still like to try it. Note cvs is an old bug, but we are vulnerable :)

tiff: we already apply debian/patches/17-CVE-2017-5225.patch since the last roundup, so that should be OK.

libopus: OK since 140d135e.

ed is good on master but needs a backport to stable. It _looks_ like all three commits to ed can be backported. what do you think, @vcunat?

It's just 1.13 -> 1.14.1 and some nitpicks along. I'd think the update is safe (but a mass rebuild).

OK I'll hold on to that backport until later.

webkitgtk: the version on master should be OK, but we have 2.12 as the default on 16.09, so it's probably vulnerable. I can't see any complaints since we updated the default on master, and the versions should be compatible (in this direction), so I think we should switch.

Sounds fine to me, re: webkitgtk. Not ideal, but nor is webkitgtk ;)

I set up a PR to push changes to: https://github.com/NixOS/nixpkgs/pull/22131 you can both push to that branch, I think. Also that branch is building in a hydra (link in the description.)

t1lib: I believe CVE-2011-5244 was fixed by our particular patch for CVE-2010-2642. That patch from Gentoo is certainly equal to the one we apply (taken from Arch).

Collapsed the done items. Almost half done :o

~Might be good to upgrade mariadb to 10.2.x before 17.03 branch-off.~ 10.2 isn't stable.

Java and kernel are fine

So is our Groovy version

👍 I collapsed the completed tasks.

As far as I can tell squid on 16.09 is not vulnerable. It has the same version as master 3.5.23 and the issue only mentions 3.4 and 3.5.0.1 through 3.5.1.

EDIT: I just noticed it is ticked ;) Never mind.

We already have a fixed version of ed (1.14.1) and not present on release (1.13) because the issue was introduced in 1.14.

We're safe on the second qemu issue (CVE-2016-10028) because we don't build our qemu with virtio-gpu-3d enabled.

The first qemu issue (CVE-2016-9923) is fixed in 2.8.0 and the patch is not easily applicable to our version.

Pushed fixes for libav, ppp and gd to #22131.

I think we can go ahead and upgrade qemu: https://github.com/NixOS/nixpkgs/pull/22134 but probably shouldn't do so for stable... :/ hard question. We don't really have a way to track vulnerabilities we know NixOS has but aren't fixing.

Is there any known incompatible change for Qemu 2.8 (or any regressions)? Qemu looks like software where just doing the upgrade could be safe.

squid: old stuff

@bachp technically, one of the links references a bug in 3.5.22

Just pushed new qemus everywhere. Good work, all done! Thank you! :D
