Mandriva: 2013:244: davfs2

A vulnerability has been discovered and corrected in davfs2: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation (CVE-2013-4362). The updated packages have been patched to correct this issue.
LXer Linux News

Mandriva: 2013:212: otrs

Updated otrs package fixes security vulnerability: It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue.
LXer Linux News