Fedora has updated python-virtualenv (F17, F18: temporary file and information disclosure vulnerabilities), krb5 (F17, "UDP ping-pong vulnerability" from 2002), and nginx (F18: denial of service and information disclosure).
openSUSE has updated samba (CIFS share attribute verification failure).
Oracle has updated kernel (EL5: denial of service).
Red Hat has updated java-1.5.0-ibm (RHEL5-6: 16 "unspecified" vulnerabilities).
Mandriva has updated krb5 (UDP ping-pong flaw in kpasswd).
Red Hat has updated kernel (RHEL5: denial of service).
Scientific Linux has updated kernel (SL5: denial of service).
Ubuntu has updated libtiff (two vulnerabilities).
Debian GNU/Hurd is currently available for the i386 architecture with more than 10.000 software packages available (more than 75% of the Debian archive, and more to come!).
Due to the very small number of developers, our progress of the project has not been as fast as other successful operating systems, but we believe to have reached a very decent state, even with our limited resources.
Click below (subscribers only) for LWN's look at this vulnerability.
Slackware has updated kernel (privilege escalation).
Mageia has updated kernel (multiple vulnerabilities), kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), kernel-rt (multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).