The security update announced as DLA-613-1 caused a regression. A missing null parameter set the $task variable in the rcmail_url() function to a boolean value which led to service not available errors when viewing attached images. Updated packages are now available to
A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
CVE-2017-10790 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node