Tuesday, September 1st, 2015

Time	Event
3:34p	OpenSSL Security: A Year in Review The OpenSSL project looks at its security record for the last year. "The acceptable timeline for disclosure is a hot topic in the community: we meet CERT’s 45-day disclosure deadline more often than not, and we’ve never blown Project Zero’s 90-day baseline. Most importantly, we met the goal we set ourselves and released fixes for all HIGH severity issues in well under a month. We also landed mitigation for two high-profile protocol bugs, POODLE and Logjam. Those disclosure deadlines weren’t under our control but our response was prepared by the day the reports went public." (Comment on this)
4:36p	Tuesday's security advisories Fedora has updated qemu (F21: multiple vulnerabilities). Oracle has updated gdk-pixbuf2 (OL7; OL6: code execution), jakarta-taglibs-standard (OL7; OL6: code execution), and nss-softokn (OL7; OL6: signature forgery). Red Hat has updated nss-softokn (RHEL6,7: signature forgery) and pcs (RHEL6,7: privilege escalation). Ubuntu has updated expat (15.04, 14.04, 12.04: denial of service) and gnutls28 (15.04: two vulnerabilities). (Comment on this)
6:49p	Microsoft, Google, Amazon, others, aim for royalty-free video codecs (Ars Technica) Ars Technica reports that Microsoft, Google, Mozilla, Cisco, Intel, Netflix, and Amazon have launched a new consortium, the Alliance for Open Media. "The Alliance for Open Media would put an end to this problem [of patent licenses and royalties]. The group's first aim is to produce a video codec that's a meaningful improvement on HEVC. Many of the members already have their own work on next-generation codecs; Cisco has Thor, Mozilla has been working on Daala, and Google on VP9 and VP10. Daala and Thor are both also under consideration by the IETF's netvc working group, which is similarly trying to assemble a royalty-free video codec." (Comment on this)

<< Previous Day

2015/09/01 [Calendar]

Next Day >>