Arch Linux has updated docker (multiple vulnerabilities).
Debian has updated libtasn1-6 (denial of service), suricata (denial of service), and zeromq3 (security bypass).
Fedora has updated firefox (F20:
multiple vulnerabilities), libreoffice
(F20: code execution), netcf (F21;
F20: denial of service),
perl-XML-LibXML (F21; F20: information disclosure), proftpd (F21: unauthenticated copying of
files), prosody (F20: denial of service),
thunderbird (F20: multiple
vulnerabilities), and xulrunner (F20:
Mageia has updated wordpress (cross-site scripting).
Ubuntu has updated icu (15.04,
14.10, 14.04: code execution), kernel (14.10, 14.04:
regression in previous update), libtasn1-3,
libtasn1-6 (15.04, 14.10, 14.04, 12.04: denial of service), linux-lts-utopic (14.04: regression in
previous update), and linux-lts-trusty (12.04:
regression in previous update).
By corbet The 4.1 development cycle continues with the release of 4.1-rc3. “Go out and test. By -rc3,
things really should be pretty non-threatening and this would be a good
time to just make sure everything is running smoothly if you haven’t tried
one of the earlier development kernels already.”
At the Go Blog, Andrew Gerrand provides a look at the language’s
approach to combining example code and documentation. “Godoc examples
are snippets of Go code that are displayed as package documentation
and that are verified by running them as tests. They can also be run
by a user visiting the godoc web page for the package and clicking the
associated “Run” button. Having executable documentation for a package
guarantees that the information will not go out of date as the API
changes.” Each package’s examples are compiled as part of the
package test suite; examples can also (optionally) be executed in
order to capture failures with the testing framework.
Arch Linux has updated libtasn1 (code execution), mariadb (multiple vulnerabilites), and mariadb-clients (denial of service).
Debian has updated dnsmasq
(regression fix for previous advisory) and pound (multiple vulnerabilites).
Fedora has updated async-http-client (F20: multiple vulnerabilites), realmd (F21: unsanitized input), springframework (F20: information disclosure), testdisk (F20: multiple vulnerabilities), and v8 (F20; F21:
denial of service).
Mandriva has updated libtasn1 (BS1,2: code execution).
SUSE has updated DirectFB
(SLE12: multiple vulnerabilities), java-1_7_0-openjdk (SLED 11.3: multiple vulnerabilities), and kernel (SLE12 Live Patching: denial of service).
By jake Greg Kroah-Hartman has released the latest batch of stable kernels: 3.10.77, 3.14.41, 3.19.7, and 4.0.2. As usual, they contain fixes all over
the tree and users should upgrade.
By jake Over at Opensource.com, one of the translators for OpenStack, Łukasz Jernaś, is interviewed about the process of translating a large project like OpenStack. “How does OpenStack’s release cycle play into the translation process? Is it manageable to get translations done on a six-month release cycle?
Most of the work gets done after the string freeze period, which happens around a month before the release, with a lot of it being completed after getting the first release candidate out of the window. Documentation is translated during the entire cycle, as many parts are common between releases and can be deployed independently to the releases. So we don’t have to focus that much about deadlines, as it’s available online all the time and not prepackaged and pushed out to users and distributions. Of course, having a month to do the translations can be cumbersome, depending on the team doing the translation (some do that part time, some people in their spare time), and how many developers push out new strings during the string freeze.”
Debian has updated sqlite3 (three
Mageia has updated dpkg
(integrity verification bypass), libtasn1
(denial of service), perl-XML-LibXML
(information disclosure), qt3, qt4, and
qtbase5 (three vulnerabilities), and tcl-tcllib (cross-site scripting).
Mandriva has updated perl-XML-LibXML (BS1,2: information disclosure).