Debian has updated squid3 (denial of service).
Fedora has updated glibc (F20: multiple vulnerabilities), GraphicsMagick (F20: code execution), gtk3 (F20: screen lock bypass), perl-Plack (F19; F20: information disclosure), phpMyAdmin (F19: multiple vulnerabilities), and subversion (F19; F20: credentials leak).
SUSE has updated MySQL (SLES/SLED 11: multiple vulnerabilities).
Ubuntu has updated eglibc (10.04, 12.04, 14.04: denial of service).
Debian has updated eglibc (code execution).
Fedora has updated jakarta-commons-httpclient (F20; F19: SSL server spoofing), krb5 (F19: code execution), mediawiki (F20; F19: multiple vulnerabilities), python-pillow (F20; F19: denial of service), and sks (F20; F19: cross-site scripting).
Mageia has updated file (denial of service), grub2 (denial of service/possible code execution), harbour (denial of service/possible code execution), icecream (denial of service/possible code execution), italc (denial of service/possible code execution), kdenetwork4 (MG3: denial of service/possible code execution), libvncserver (denial of service/possible code execution), and serf (information leak).
Red Hat has updated devtoolset-2-httpcomponents-client (RHDT2: SSL server spoofing), kernel (RHEL6.4 EUS: multiple vulnerabilities), and ror40-rubygem-activerecord (RHSCL1: strong parameter protection bypass).
CentOS has updated mod_wsgi (C7: privilege escalation).
Fedora has updated file (F20: denial of service), fish (F20; F19: multiple vulnerabilities), libserf (F20: information leak), pen (F20: unspecified vulnerability), php-htmlpurifier-htmlpurifier (F20; F19: "Hash Length Extension" attack), phpMyAdmin (F20: multiple vulnerabilities), ppp (F20: privilege escalation), rubygem-activerecord (F20; F19: SQL injection), struts (F20: code execution), wordpress (F19: multiple vulnerabilities), and xen (F20; F19: denial of service).
Mageia has updated ansible (MG4: multiple vulnerabilities), bugzilla (cross-site request forgery), busybox (denial of service/possible code execution), jakarta-commons-httpclient (MG4; MG3: SSL server spoofing), and mednafen (denial of service/possible code execution).
Oracle has updated mod_wsgi (OL7: privilege escalation).
Red Hat has updated mod_wsgi (RHEL7: privilege escalation).
At his blog, Allan Day announces the preliminary availability of a brand-new edition of the GNOME Human Interface Guidelines (HIG). Prepared for the upcoming GNOME 3.14 release, this is the first major overhaul of the GNOME HIG in some time. Day notes: "There is a downside to all the experimentation that has been happening in software design in recent years, of course – it can often be a bewildering space to navigate. This is where the HIG comes in. Its goal is to help developers and designers take advantage of the new abilities at their disposal, without losing their way in the process. This is reflected in the structure of the new HIG: the guidelines don’t enforce a single template on which applications have to be based, but presents a series of patterns and elements which can be drawn upon." He also emphasizes that the new HIG, despite its name, is not a GNOME-only document, but is designed to aid interface design in other GTK+ applications, too.