LWN.net's Journal
 

Friday, November 7th, 2014

    Time Event
    4:21p
    Friday's security updates

    CentOS has updated php (C5: multiple vulnerabilities).

    Debian has updated curl (information leak), konversation (denial of service), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

    Fedora has updated hostapd (F19; F20: command execution), Pound (F19: multiple vulnerabilities), python-rhsm (F19; F20: protocol downgrade), seamonkey (F19: multiple vulnerabilities), subscription-manager (F20: protocol downgrade), webkitgtk3 (F19: protocol downgrade), wss4j (F20: authentication spoofing), and xml-security (F20: denial of service).

    Oracle has updated php (O5: multiple vulnerabilities).

    Red Hat has updated php (RHEL4: code execution; RHEL5: multiple vulnerabilities).

    Scientific Linux has updated mod_auth_mellon (SL6: multiple vulnerabilities) and php (SL5: multiple vulnerabilities).

    6:25p
    Ubuntu, ownCloud, and a hidden dark side of Linux software repositories (PC World)
    Here's a PC World article on the old, insecure version of ownCloud shipped in Ubuntu 14.04 — and the difficulties in getting it updated or removed.

    Ubuntu’s developers initially balked at this. Why, this isn’t the way the system works! The package is now locked-in for the stable release and shouldn’t have any major changes, even though it’s a fundamentally insecure piece of server software. Actually removing it would be highly unusual. They proposed that ownCloud should take over maintenance of the ownCloud packages in Ubuntu and keep them up-to-date. At the very least, it was ownCloud’s job to create an empty package and go through the bureaucratic process to push it out.

    The writing is a little breathless, but there is a valid issue here; the software found in the more remote corners of distribution repositories may not be particularly well maintained.

    7:54p
    Peck: New GIMP Save/Export plug-in: Saver

    At her blog, Akkana Peck has announced a new GIMP plugin called "Saver" that is intended to replace the default Save/Export functionality introduced with the GIMP 2.8 release. GIMP 2.8 famously separated "Save" and "Export" into two separate functions, with "Save" only able to write out images to GIMP's native, multi-layer XCF format. As Peck notes, that change "has been a matter of much controversy. It's been over two years now, and people are still complaining on the gimp-users list." The new plugin is an attempt to perform the "expected" action in each circumstance. "I've been using Saver for nearly all my saving for the past year. If I'm just making a quick edit of a JPEG camera image, Ctrl-S overwrites it without questioning me. If I'm editing an elaborate multi-layer GIMP project, Ctrl-S overwrites the .xcf.gz. If I'm planning to export that image for the web, I Ctrl-Shift-S to bring up the Saver As... dialog, make sure the main filename is .xcf.gz, set a name (ending in .jpg) for the exported copy; and from then on, Ctrl-S will save both the XCF and the JPG copy."

    9:41p
    FSF and Software Freedom Conservancy unveil Copyleft.org

    The Free Software Foundation (FSF) and the Software Freedom Conservancy (SFC) have announced a new site called Copyleft.org that will play host to "useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing." The most prominent content at present is a comprehensive guide to the concept of copyleft and copyleft licenses. The announcement notes that the content is viable, among other things, as training material. "As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014."
