Software in the Public Interest (SPI) has completed its 2016 board elections. There were two open seats on the board in addition to four board members whose terms were expiring. The six newly elected members of the board are Luca Filipozzi, Joerg Jaspert, Jimmy Kaplowitz, Andrew Tridgell, Valerie Young, and Martin Zobel-Helas. The full results, including voter statistics, are also available.
Fedora has updated drupal7-views (F24; F23: access bypass), golang (F24; F23: denial of service), java-1.8.0-openjdk (F24; F23: multiple vulnerabilities), php-guzzlehttp-guzzle (F24; F23: proxy injection), and php-guzzlehttp-guzzle6 (F24; F23: proxy injection).
Slackware has updated libidn (3.0, 13.1, 13.37, 14.0, 14.1, 14.2: multiple vulnerabilities).
SUSE has updated libarchive (SLE 12: multiple vulnerabilities).
Debian has updated xen (multiple vulnerabilities, one from 2015).
Debian-LTS has updated tardiff (two vulnerabilities from 2015).
openSUSE has updated dropbear (42.1, 13.2: multiple vulnerabilities), go (13.2: HTTP request smuggling flaws from 2015), karchive (42.1, 13.2: code execution), mbedtls (42.1: three vulnerabilities), python (42.1, 13.2: three vulnerabilities), and tiff (13.2: multiple vulnerabilities).
Scientific Linux has updated java-1.7.0-openjdk (multiple vulnerabilities).
A few years ago, the hardware vendor Yubico made a bit of a splash when it introduced its YubiKey line of inexpensive hardware security tokens powered by open-source software. With its most recent product release, however, Yubico has dropped open source and started deploying only proprietary software in its devices. Consequently, many community members have started looking for a viable replacement that will adhere to open-source principles. At present, one of the leading contenders for Yubico's departed customers is Nitrokey, which manufactures a line of hardware tokens capable of generating one-time passwords (OTPs), storing and using OpenPGP keys, and providing several other features. The devices made by Nitrokey run open-source software and are open hardware as well.
Debian-LTS has updated libgd2 (denial of service).
Mageia has updated apache (HTTP redirect), harfbuzz (multiple vulnerabilities), libgd (three vulnerabilities), libidn (multiple vulnerabilities), libupnp (unauthenticated access), libxml2 (multiple vulnerabilities), mariadb (multiple vulnerabilities), mupdf (denial of service), php/xmlrpc-epi/timezone (multiple vulnerabilities), sudo (race condition), tomcat/apache-commons-fileupload (denial of service), and virtualbox (allows local users to affect availability).