LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Tuesday, December 1st, 2015

    Time Event
    4:42p
    Thunderbird to be separated from Mozilla
    Mozilla leader Mitchell Baker has announced that the Thunderbird email
    client project
    will, eventually, be spun out of Mozilla. "Therefore I believe Thunderbird should would thrive best by
    separating itself from reliance on Mozilla development systems and in
    some cases, Mozilla technology. The current setting isn’t stable, and we
    should start actively looking into how we can transition in an orderly
    way to a future where Thunderbird and Firefox are un-coupled.    "
    5:35p
    Tuesday's security updates

    Debian-LTS has updated libphp-snoopy (command execution).

    Fedora has updated ca-certificates (F22: certificate update), grub2 (F22: Secure Boot circumvention), imapsync (F23; F22; F21: information leak), libxml2 (F22: multiple vulnerabilities), perl-HTML-Scrubber (F23; F22; F21: cross-site scripting), rpm (F22: denial of service), and wget (F23: information leak).

    Oracle has updated apache-commons-collections (OL7: code execution) and jakarta-commons-collections (OL6: code execution).

    Red Hat has updated apache-commons-collections (RHEL7: code execution), jakarta-commons-collections (RHEL6: code execution), and rh-java-common-apache-commons-collections (RHSCL2: code execution).

    Scientific Linux has updated apache-commons-collections (SL7: code execution) and jakarta-commons-collections (SL6: code execution).

    Ubuntu has updated gnutls26 (14.04, 12.04: padding oracle attack) and thunderbird (15.10, 15.04, 14.04, 12.04: multiple vulnerabilities).

    8:11p
    Patent troll claims HTTPS websites infringe crypto patent, sues everybody (Ars Technica)
    CryptoPeak Solutions is suing many tech and retail giants, claiming their
    HTTPS websites infringe an encryption patent titled "Auto-Escrowable and
    Auto-Certifiable Cryptosystems". Ars Technica reports:
    "The latest batch of cases was lodged November 25. The cases name AT&T, Costco, Expedia, GoPro, Groupon, Netflix, Pinterest, Shutterfly, Starwood Hotels, Target, and Yahoo, among others. All the lawsuits include virtually identical language.

    "Defendant has committed direct infringement by its actions that comprise
    using one or more websites that utilize Elliptic Curve Cryptography (“ECC”)
    Cipher Suites for the Transport Layer Security (“TLS”) protocol (the
    “Accused Instrumentalities”)," according to the lawsuits.    "

    << Previous Day 2015/12/01
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org