Thursday, April 2nd, 2015

Time	Event
12:39a	[$] LWN.net Weekly Edition for April 2, 2015 The LWN.net Weekly Edition for April 2, 2015 is available. (Comment on this)
9:04a	Django 1.8 released Version 1.8 of the Django web platform is out. "This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years." New features include support for multiple template engines, complex SQL expressions, some PostgreSQL-specific add-ons, and more; see the release notes for details. (Comment on this)
2:26p	Thursday's security updates Arch Linux has updated chromium (multiple vulnerabilities). CentOS has updated thunderbird (C5: multiple vulnerabilities). Debian has updated iceweasel (multiple vulnerabilities). Mandriva has updated flac (BS2: multiple vulnerabilities), graphviz (BS2: format-string vulnerability), owncloud (BS1; BS2: multiple vulnerabilities), and tor (BS1: denial of service). openSUSE has updated php5 (13.1, 13.2: multiple vulnerabilities) and python-Django (13.2: multiple vulnerabilities). Oracle has updated firefox (O5: multiple vulnerabilities) and thunderbird (O6; O7: multiple vulnerabilities). Scientific Linux has updated thunderbird (multiple vulnerabilities). SUSE has updated kernel (SLES11: multiple vulnerabilities). Ubuntu has updated tiff (regression fix for previous update). (Comment on this)
7:17p	Open Crypto Audit gives TrueCrypt a passing grade At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered. The final Open Crypto Audit report [PDF] suggests otherwise, which is good news for users as well as for the multiple open-source projects that have subsequently developed TrueCrypt-compatibility support. (Comment on this)
9:25p	Android security state of the union Google has announced the issuing of a lengthy report [PDF] on the state of Android security. "In 2014, the Android platform made numerous significant improvements in platform security technology, including enabling deployment of full disk encryption, expanding the use of hardware- protected cryptography, and improving the Android application sandbox with an SELinux- based Mandatory Access Control system (MAC). Developers were also provided with improved tools to detect and react to security vulnerabilities, including the nogotofail project and the SecurityProvider. We provided device manufacturers with ongoing support for fixing security vulnerabilities in devices, including development of 79 security patches, and improved the ability to respond to potential vulnerabilities in key areas, such as the updateable WebView in Android 5.0." (Comment on this)

<< Previous Day

2015/04/02 [Calendar]

Next Day >>