Security advisories for Monday

By ris

Arch Linux has updated docker (multiple vulnerabilities).

Debian has updated libtasn1-6 (denial of service), suricata (denial of service), and zeromq3 (security bypass).

Fedora has updated firefox (F20: multiple vulnerabilities), libreoffice (F20: code execution), netcf (F21; F20: denial of service), perl-XML-LibXML (F21; F20: information disclosure), proftpd (F21: unauthenticated copying of files), prosody (F20: denial of service), thunderbird (F20: multiple vulnerabilities), and xulrunner (F20: multiple vulnerabilities).

Mageia has updated wordpress (cross-site scripting).

Ubuntu has updated icu (15.04, 14.10, 14.04: code execution), kernel (14.10, 14.04: regression in previous update), libtasn1-3, libtasn1-6 (15.04, 14.10, 14.04, 12.04: denial of service), linux-lts-utopic (14.04: regression in previous update), and linux-lts-trusty (12.04: regression in previous update).

From: LWN

Kernel prepatch 4.1-rc3

By corbet

The 4.1 development cycle continues with the release of 4.1-rc3. “Go out and test. By -rc3, things really should be pretty non-threatening and this would be a good time to just make sure everything is running smoothly if you haven’t tried one of the earlier development kernels already.”

Testable Examples in Go

By n8willis

At the Go Blog, Andrew Gerrand provides a look at the language’s approach to combining example code and documentation. “Godoc examples are snippets of Go code that are displayed as package documentation and that are verified by running them as tests. They can also be run by a user visiting the godoc web page for the package and clicking the associated “Run” button. Having executable documentation for a package guarantees that the information will not go out of date as the API changes.” Each package’s examples are compiled as part of the package test suite; examples can also (optionally) be executed in order to capture failures with the testing framework.

Friday’s security updates

By n8willis

Arch Linux has updated libtasn1 (code execution), mariadb (multiple vulnerabilities), and mariadb-clients (denial of service).

Debian has updated dnsmasq (regression fix for previous advisory) and pound (multiple vulnerabilities).

Fedora has updated async-http-client (F20: multiple vulnerabilities), realmd (F21: unsanitized input), springframework (F20: information disclosure), testdisk (F20: multiple vulnerabilities), and v8 (F20; F21: denial of service).

Mandriva has updated libtasn1 (BS1,2: code execution).

SUSE has updated DirectFB (SLE12: multiple vulnerabilities), java-1_7_0-openjdk (SLED 11.3: multiple vulnerabilities), and kernel (SLE12 Live Patching: denial of service).

How OpenStack gets translated (Opensource.com)

By jake

Over at Opensource.com, one of the translators for OpenStack, Łukasz Jernaś, is interviewed about the process of translating a large project like OpenStack. “How does OpenStack’s release cycle play into the translation process? Is it manageable to get translations done on a six-month release cycle?

Most of the work gets done after the string freeze period, which happens around a month before the release, with a lot of it being completed after getting the first release candidate out of the window. Documentation is translated during the entire cycle, as many parts are common between releases and can be deployed independently to the releases. So we don’t have to focus that much about deadlines, as it’s available online all the time and not prepackaged and pushed out to users and distributions. Of course, having a month to do the translations can be cumbersome, depending on the team doing the translation (some do that part time, some people in their spare time), and how many developers push out new strings during the string freeze.”
