Debian has updated strongswan (authentication bypass).
Fedora has updated mingw-openssl (F20: information disclosure), mod_security (F20; F19: rules bypass), php-ZendFramework (F20; F19: multiple vulnerabilities), php-ZendFramework2 (F20; F19: multiple vulnerabilities), and systemd (F20: code execution).
Mandriva has updated jbigkit (BS1, ES5: code execution).
openSUSE has updated flash-player (multiple vulnerabilities), nagios (12.3, 13.1: denial of service), python (12.3: code execution), rubygem-rack-ssl (12.3, 13.1: cross-site scripting), and xinetd (12.3, 13.1: multiple vulnerabilities).
Ubuntu has updated net-snmp (denial of service).
The Raspberry Pi Foundation has announced a forthcoming addition to the Pi lineup, the "Pi Compute Module," which is "a Raspberry Pi shrunk down to fit on a SODIMM with onboard memory, whose connectors you can customise for your own needs." The form factor is intended for those who are going to create their own boards on which to attach the module, although there will be a breakout board designed by the Foundation as well. The module includes the same System-on-Chip as the original Pi and the same eMMC flash storage module; in addition, the SODIMM connector will apparently expose more pins than the credit-card form factor, providing "the full flexibility of the BCM2835 SoC (which means that many more GPIOs and interfaces are available as compared to the Raspberry Pi)." The expected release date is sometime in June.
At the Open Source Initiative (OSI) blog, OSI President Simon Phipps announces the organization's new board members. "Three of the vacancies were allocated for filling by people selected by the Individual Members, and the other was assigned to the Affiliate Members (comprising open source related non-profit organisations). Using approval voting, the Individual members selected Allison Randal (68% approval), Richard Fontana (61% approval) and Leslie Hawthorn (42% approval) -- each to serve for one year -- and the Affiliate Members selected Stefano Zacchiroli to serve for three years." The changes to how board members are selected are part of OSI's recent restructuring moves, which will continue with the selection of next year's president—after which, Phipps says, the board plans to "meet with the Free Software Foundation and review our strategy for transformation. We are very grateful for your continued support and aim to make OSI ever more valuable both to its members and to the wider open source community."
CentOS has updated samba4 (C6: multiple vulnerabilities).
Mandriva has updated file (BS1: denial of service), perl-YAML-LibYAML (BS1: multiple vulnerabilities), php (BS1: denial of service), php-ZendFramework (BS1: multiple vulnerabilities), python (BS1: multiple vulnerabilities), and yaml (ES5: multiple vulnerabilities; BS1: code execution).
Oracle has updated samba4 (O6: multiple vulnerabilities).
Last week we took a brief look at the many new projects that were represented on the initial day of Libre Graphics Meeting (LGM) 2014 in Leipzig. Although there were a few other newcomer projects presented in the remaining three days, the schedule for the latter part of the event was slanted more toward updates from existing projects, user presentations, and slots for team meetings, workshops, and hackfests. All of these are valuable, of course—in particular, LGM routinely does an exceptional job soliciting talks from real-world software users. But the updates from established projects, particularly those that set out short- and medium-term roadmaps, are likely of interest to many of those who could not attend in person.