LWN.net's Journal
 

Monday, June 13th, 2016

    Time Event
    5:45p
    Security advisories for Monday

    Arch Linux has updated expat (two vulnerabilities) and lib32-expat (two vulnerabilities).

    Debian-LTS has updated libtorrent-rasterbar (denial of service), libxslt (three vulnerabilities), mantis (cross-site scripting), and nspr (buffer overflow).

    Fedora has updated xen (F22: multiple vulnerabilities).

    Mageia has updated kernel (multiple vulnerabilities), libjpeg (memory leak), openslp (denial of service), vlc/mad (code execution), and wireshark (multiple vulnerabilities).

    openSUSE has updated firefox, nss (Leap42.1, 13.2; 13.1: multiple vulnerabilities), opera (Leap42.1: multiple vulnerabilities), php5 (13.2: multiple vulnerabilities), phpMyAdmin (13.1: three vulnerabilities), and proftpd (13.1: weak key usage).

    SUSE has updated qemu (SLE12: multiple vulnerabilities).

    8:08p
    Let's Encrypt Email Address Disclosures
    Let's Encrypt has a preliminary report about an email address
    disclosure. "On June 11 2016
    (UTC), we started sending an email to all active subscribers who provided
    an email address, informing them of an update to our subscriber
    agreement. This was done via an automated system which contained a bug that
    mistakenly prepended between 0 and 7,618 other email addresses to the body
    of the email. The result was that recipients could see the email addresses
    of other recipients. The problem was noticed and the system was stopped
    after 7,618 out of approximately 383,000 emails (1.9%) were sent. Each
    email mistakenly contained the email addresses from the emails sent prior
    to it, so earlier emails contained fewer addresses than later ones."
    A postmortem is underway. (Thanks to Paul Wise)

    11:11p
    Lortie: Gtk 4.0 is not Gtk 4
    Allison Lortie writes about a new proposed GTK release scheme that may
    take some getting used to.
    "Meanwhile, Gtk 4.0 will not be the final stable API of what we would
    call 'Gtk 4'. Each 6 months, the new release (Gtk 4.2, Gtk 4.4, Gtk 4.6)
    will break API and ABI vs. the release that came before it. These
    incompatible minor versions will not be fully parallel installable; they
    will use the same pkg-config name and the same header file directory. We
    will, of course, bump the soname with each new incompatible release — you
    will be able to run Gtk 4.0 apps alongside Gtk 4.2 and 4.4 apps, but you
    won’t be able to build them on the same system. This policy fits the model
    of how most distributions think about libraries and their 'development
    packages'."
    Only the last release in each major number series
    (expected every two years) would have a stable API. Read the whole thing
    to fully understand what is being proposed.
