Tuesday, July 19th, 2016

Time	Event
3:48p	Security advisories for Tuesday CentOS has updated httpd (C7; C6; C5: HTTP redirect). Debian has updated mysql-connector-java (information disclosure) and python-django (cross-site scripting). Fedora has updated dnsmasq (F24: denial of service), gd (F23: two vulnerabilities), kernel (F22: multiple vulnerabilities), mingw-openjpeg2 (F24; F23: multiple vulnerabilities), pagure (F24: unspecified), pdfbox (F24: XML External Entity (XXE) attacks), perl (F24; F23: code execution), and tcpreplay (F24; F23: denial of service). Mageia has updated imagemagick (three vulnerabilities). openSUSE has updated apache2 (Leap42.1, 13.2: HTTP redirect). Oracle has updated httpd (OL7; OL6; OL5: HTTP redirect). Red Hat has updated httpd (RHEL7; RHEL5,6: HTTP redirect) and httpd24-httpd (RHSCL: two vulnerabilities). Scientific Linux has updated httpd (SL7; SL5,6: HTTP redirect) and kernel (SL6: privilege escalation). Ubuntu has updated apache2 (HTTP redirect) and thunderbird (two vulnerabilities). (Comment on this)
6:46p	Qt WebBrowser 1.0 Version 1.0 of the QtWebBrowser has been released. Qt WebBrowser is a browser for embedded devices developed using the capabilities of Qt and Qt WebEngine. "The browser is optimized for embedded touch displays (running Linux), but you can play with it on the desktop platforms, too! Just make sure that you have Qt WebEngine, Qt Quick, and Qt VirtualKeyboard installed (version 5.7 or newer). For optimal performance on embedded devices you should plan for hardware-accelerated OpenGL, and around 1 GiByte of memory for the whole system. Anyhow, depending on your system configuration and the pages to be supported there is room for optimization." (Comment on this)
8:55p	The Importance of Following Community-Oriented Principles in GPL Enforcement Work The Software Freedom Conservancy is one of the few organizations involved in GPL enforcement, and it has published principles regarding enforcement practices that seek compliance and not financial penalties. Bradley Kuhn and Karen Sandler urge others doing GPL enforcement to follow principles set forth by the SFC. "One impetus in drafting the Principles was our discovery of ongoing enforcement efforts that did not fit with the GPL enforcement community traditions and norms established for the last two decades. Publishing the previously unwritten guidelines has quickly separated the wheat from the chaff. Specifically, we remain aware of multiple non-community-oriented GPL enforcement efforts, where none of those engaged in these efforts have endorsed our principles nor pledged to abide by them. These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years." The actions of one individual prompted the netfilter project to make a statement endorsing the principles, which we covered earlier this month. (Comment on this)
9:17p	Tor veteran Lucky Green exits, torpedos critical 'Tonga' node and relays (The Register) The Register reports that longtime Tor contributor Lucky Green is quitting and closing down the node and bridge authority he operates. "Practically, it's a big deal. Bridge Authorities are part of the infrastructure that lets users get around some ISP-level blocks on the network (not, however, defeating deep packet inspection). They're also incorporated in the Tor code, meaning that to remove a Bridge Authority is going to need an update." The shutdown is scheduled for August 31. (Thanks to Nomen Nescio) (Comment on this)

<< Previous Day

2016/07/19 [Calendar]

Next Day >>