lwn.net

warning: Creating default object from empty value in /var/www/home/chantra/debuntu.org/drupal-6.19/modules/taxonomy/taxonomy.pages.inc on line 34.

How to think like open source pioneer Michael Tiemann (Opensource.com)

Opensource.com is running an
interview
with Michael Tiemann. "Make no mistake: For Tiemann, open source is not simply a business model. It's not just a method of developing software. It isn't an ethic. It's a Platonic form—perhaps something like a force, a tendency. Throughout history, many people have tried to glimpse it, if only for a moment.

[$] Reconsidering ffmpeg in Debian

For better or for worse, forks are a part of the free software landscape.
Often a fork will result in a reinvigorated development community and the
removal of unneeded roadblocks. But not all forks work out well. What is
a distributor to do if, at some point, it concludes that it chose wrongly
when it followed a fork of an important project? Going back to the
original may not always be an easy thing to do, even if there appears to be
a consensus for that move. The presence of security concerns can make such
a change even harder to contemplate.

Tuesday's security updates

CentOS has updated yum-updatesd
(C5: bypass RPM package signing restriction).

Debian has updated icedove (multiple vulnerabilities).

Red Hat has updated yum-updatesd
(RHEL5: bypass RPM package signing restriction).

Scientific Linux has updated yum-updatesd (SL5: bypass RPM package signing restriction).

SUSE has updated

CyanogenMod 11.0 M9 Released

CyanogenMod 11.0 M9 has been released. "This release marks the first ever (non-nightly) release for the Xperia Z2 ‘sirius’, Xperia Z2 Tablets ‘castor’ and the HTC One ‘m8′ – kudos to their maintainers and all the other maintainers that bring you these releases every month!"

Security advisories for Monday

Debian has updated lzo2 (code execution).

Fedora has updated exim (F19; F20: code execution).

Gentoo has updated ZendFramework (SQL injection).

Mageia has updated gcc (code execution).

Slackware has updated dhcpcd (denial of service) and

Mozilla leaks developers email, password hashes

Mozilla has just disclosed
a problem with its Mozilla Developer Network database sanitization
system. "The issue came to light ten days ago when one of our web
developers discovered that, starting on about June 23, for a period of 30
days, a data sanitization process of the Mozilla Developer Network (MDN)
site database had been failing, resulting in the accidental disclosure of
MDN email addresses of about 76,000 users and encrypted passwords of about
4,000 users on a publicly accessible server."

The 3.16 kernel has been released

Linus has released the 3.16 kernel, right
on schedule. This release includes the unified
control group hierarchy
work, many improvements to the multiqueue block
layer, and, as always, lots of new drivers and internal improvements.

XBMC Is Getting a New Name – Introducing Kodi 14

The XBMC media center will be renamed Kodi. "Six
years have passed since the Xbox Media Center became XBMC, and simply put,
“XBMC” fits less now than it did even in 2008. The software only barely
runs on the original Xbox, and then only because some clever developers are
still hacking on that platform. It has never run on the Xbox 360 or Xbox
One." Trademarks were another reason for name change. The project
was unable to trademark XBMC, leading to issues with hacked and broken
implementations of the software being sold as "XBMC".

Samba 4.1.11 and 4.0.21 Security Releases Available

The Samba Team has put out an important-looking set of releases. "All current versions of Samba 4.x.x are vulnerable to a remote code
execution vulnerability in the nmbd NetBIOS name services daemon.

A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root)."

Security advisories for Friday

CentOS has updated kernel (C6: multiple vulnerabilities).

Fedora has updated bugzilla (F20:
cross-site request forgery), kernel (F20:
multiple vulnerabilities), openstack-neutron (F20: denial of service), and sdcc (F20; F19: remote denial of service).

openSUSE has updated

Syndicate content