LWN.net's Journal
[Most Recent Entries]
[Calendar View]
Thursday, September 2nd, 2021
| Time |
Event |
| 1:30a |
[$] LWN.net Weekly Edition for September 2, 2021
The LWN.net Weekly Edition for September 2, 2021 is available. | | 1:48p |
Security updates for Thursday
Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl). | | 2:48p |
Fuzzing 100+ open source projects with OSS-Fuzz - lessons learned (ADA Logics blog) On the ADA Logics blog, David Korczynski and Adam Korczynski write about their work integrating 115 open-source projects with Google's OSS-Fuzz project for doing continuous fuzz testing. They describe the process of integrating a project into OSS-Fuzz, and discuss their findings, which include more than 2000 bugs (500+ security relevant), of which 1300+ have been fixed at this point:
Throughout the process we integrated projects written in C, C++, Python, Go and Rust and the types of bugs we found across the projects are a reflection of the language the project was written in. Typically, for managed languages the bugs are within the umbrella term of uncaught exceptions and denial of service bugs, whereas in native languages the bugs are mostly split between assert violations, NULL-dereferences, heap-out-of-bounds, stack-out-of-bounds, stack overflows, integer arithmetic, memory leaks, out-of-memory and timeout bugs.
| | 3:12p |
[$] 5.15 Merge window, part 1
As of this writing, 3,440 non-merge changesets have been pulled into the
mainline repository for the 5.15 development cycle. A mere 3,440 patches
may seem like a slow start, but those patches are densely populated with
significant new features. Read on for a look at what the first part of the
5.15 merge window has brought. |
|