Nixpkgs: Vulnerability Roundup 23

Created on 22 Feb 2017 · 33 Comments · Source: NixOS/nixpkgs

Here are all the vulnerabilities from https://lwn.net/Vulnerabilities
since our last roundup.

cc: @peterhoeg @7c6f434c @bendlas @LnL7 @phanimahesh @vcunat @tavyc @joachifm.

_Note:_ The list of people CC'd on this issue participated in the last
roundup. If you participate on this roundup, I'll cc you on the next
one. If you don't participate in the next one, you won't be CC'd on
the one after that. If you would like to be CC'd on the next roundup,
add a comment to the most recent vulnerability roundup.

Permanent CC's: @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001, @peterhoeg
@NixOS/security-notifications
If you would like to be CC'd on _all_ roundups (or removed from the
list), open a PR editing
https://github.com/NixOS/security/blob/master/lwnvulns/src/bin/instructions.md.

Notes on the list

  1. The reports have been roughly grouped by the package name. This
    isn't perfect, but is intended to help identify if a whole group
    of reports is resolved already.
  2. Some issues will be duplicated, because they affect multiple
    packages. For example, there are sometimes problems that impact
    both thunderbird and firefox. LWN might report these in one vulnerability
    as "thunderbird firefox". These names have been split to make sure
    both packages get addressed.
  3. By each issue is a link to a code search for the package name, and
    a GitHub search by filename. These are meant to help, but may not return
    results even when we do in fact package the software. If a search
    doesn't turn up anything, please try altering the search criteria or
    looking in nixpkgs manually before asserting we don't have it.
  4. This issue is created by https://github.com/NixOS/security

Instructions:

  1. Triage a report: If we don't have the software or our version isn't
    vulnerable, tick the box or add a comment with the report number,
    stating it isn't vulnerable.
  2. Fix the issue: If we do have the software and it is vulnerable,
    either leave a comment on this issue saying so, or even open a pull
    request with the fix. If you open a PR, make sure to tag this
    issue so we can coordinate.
  3. When an entire section is completed, move the section to the
    "Triaged and Resolved Issues" details block below.

Upon Completion ...

  • [x] Run the issue through reformat one last time
  • [x] Review commits since last roundup for backport candidates
  • [x] Send an update e-mail to [email protected]
  • [x] Update the database at https://github.com/NixOS/security

Without further ado...

Assorted (25 issues)

  • [x] [#714850](https://lwn.net/Vulnerabilities/714850/) (search, files) diffoscope: file overwrite
  • [x] [#715043](https://lwn.net/Vulnerabilities/715043/) (search, files) firebird: access restriction bypass
  • [x] [#715166](https://lwn.net/Vulnerabilities/715166/) (search, files) libass: denial of service
  • [x] [#715170](https://lwn.net/Vulnerabilities/715170/) (search, files) libplist: three vulnerabilities
  • [x] [#714582](https://lwn.net/Vulnerabilities/714582/) (search, files) lynx: invalid URL parsing
  • [x] [#715167](https://lwn.net/Vulnerabilities/715167/) (search, files) nagios-core: privilege escalation
  • [x] [#714852](https://lwn.net/Vulnerabilities/714852/) (search, files) postfixadmin: security bypass
  • [x] [#714853](https://lwn.net/Vulnerabilities/714853/) (search, files) python-crypto: code execution
  • [x] [#715038](https://lwn.net/Vulnerabilities/715038/) (search, files) zoneminder: information disclosure
  • [x] [#715045](https://lwn.net/Vulnerabilities/715045/) (search, files) kernel: denial of service
  • [x] [#715045](https://lwn.net/Vulnerabilities/715045/) (search, files) kernel: denial of service
  • [x] [#715165](https://lwn.net/Vulnerabilities/715165/) (search, files) dropbear: code execution
  • [x] [#715041](https://lwn.net/Vulnerabilities/715041/) (search, files) jitsi: user spoofing
  • [x] [#715162](https://lwn.net/Vulnerabilities/715162/) (search, files) kernel: information disclosure
  • [x] [#714581](https://lwn.net/Vulnerabilities/714581/) (search, files) libevent: three vulnerabilities
  • [x] [#715042](https://lwn.net/Vulnerabilities/715042/) (search, files) netpbm: three vulnerabilities
  • [x] [#714586](https://lwn.net/Vulnerabilities/714586/) (search, files) php5: three vulnerabilities
  • [x] [#715036](https://lwn.net/Vulnerabilities/715036/) (search, files) python-peewee: largely unspecified
  • [x] [#715168](https://lwn.net/Vulnerabilities/715168/) (search, files) qemu: multiple vulnerabilities
  • [x] [#715169](https://lwn.net/Vulnerabilities/715169/) (search, files) redis: code execution
  • [x] [#715037](https://lwn.net/Vulnerabilities/715037/) (search, files) sshrc: unspecified
  • [x] [#715045](https://lwn.net/Vulnerabilities/715045/) (search, files) kernel: denial of service
  • [x] [#715171](https://lwn.net/Vulnerabilities/715171/) (search, files) tomcat: denial of service
  • [x] [#715171](https://lwn.net/Vulnerabilities/715171/) (search, files) tomcat: denial of service
  • [x] [#715035](https://lwn.net/Vulnerabilities/715035/) (search, files) wireshark: denial of service

mupdf (2 issues)

  • [x] [#715044](https://lwn.net/Vulnerabilities/715044/) (search, files) mupdf: two vulnerabilities
  • [x] [#715039](https://lwn.net/Vulnerabilities/715039/) (search, files) mupdf: denial of service

xen (2 issues)

  • [x] [#715164](https://lwn.net/Vulnerabilities/715164/) (search, files) xen: denial of service
  • [x] [#714585](https://lwn.net/Vulnerabilities/714585/) (search, files) xen: three vulnerabilities

All 33 comments

redis is not vulnerable, it was updated to a more recent version for the last roundup.

dropbear: fixed in 2016.74, we have it, both branches

I've already got a commit with qemu patches from a few hours ago that I didn't push to master yet. I will take care of the remaining qemu issues.

PHP vulnerabilities are fixed in the versions we are shipping.

I'm working on the Xen issues.

wireshark: the report is for 1.12.1, but 2.2.4 is also affected; fixed in 194d137bd3646b8e73901d5c01ee4e90d3dcf2a4 and cherry-picked

Tomcat is already fixed.

xen patched in cc4919da8968ccdd2e4f76cbdde7e2ed6c385130 / 142fd06afc50d9513477ab29c9be17e46e38248f

We have all the kernel issues covered

I have contacted the security team privately before, but I believe neovim has a serious vulnerability which was fixed in version 1.0.7. NixOS stable only has version 1.0.5.

Not sure if vim is also affected.

hey @wizeman, I thought I had covered that last roundup, thank you for bringing it up again here, I'll make sure it is patched this time around. I'm sorry I missed it last.

We don't have peewee in Nixpkgs so I am ticking it.

Libevent should be OK now.

We don't have pycrypto anymore but use pycryptodome. Maybe the latter is affected, I don't know.

I've updated diffoscope on master https://github.com/NixOS/nixpkgs/commit/de4643eb80ffa13b65c6e5e662235080c093b3e1. Not sure what to do with it on 16.09 though.

netpbm was fixed in last week's roundup.

Not finding sshrc in repo

Jitsi is at a newer version than listed on CVE

firebird fixed in 6c37a92 / d87a40e

libass is old

nagios-core is old.

We don't package postfixadmin.

We don't package zoneminder.

@wizeman is there any way you can work on updating stable to 0.1.7? It appears to be a fairly complex update, based on master's changes.

@FRidh Looks like the crypto vulnerability has been taken down by LWN. I emailed them asking about it.

@dezgeg @edolstra: is this diffoscope acceptable to backport to stable? https://github.com/NixOS/nixpkgs/commit/de4643eb80ffa13b65c6e5e662235080c093b3e1

I'm working on patches for the DCCP bug (cc @NeQuissimus, @fpletz). Just waiting on compilation to check.

Yes, diffoscope is most likely ok to upgrade in stable.

Would like to be CC'd.

mupdf fixed in 6dfbb070fbfa48986c05c334996b8c3c47432cdd. The other mupdf issue is for mujs for which we already have the current git commit in which the issues are fixed.

libplist has been marked as insecure in 30cea5f02245a20022ea93f8eec2f4fe053ad97a. Checked it off above.

See comments to https://github.com/NixOS/nixpkgs/commit/afd59811a1f4b2037d77293064a4fee0ac91af6f. Maybe our gstreamer was still vulnerable. I'm preparing a bump to be on the safe side.

I just picked that diffoscope update to 16.09, so I suppose we can check it off.

The pycrypto issue turned out to be a duplicate. Thanks, everyone, for finishing this out without me. I've had a busy time since last Thursday. Great work!
