Security Leftovers
Microsoft: powerdir bug gives access to protected macOS user data
US Police Warn of Parking Meters with Phishing QR Codes
In a hurry to park your car? Don't want to fumble around in your pocket to find cash for the parking meter, and don't have the correct payment app installed on your phone?
Well, think carefully before rushing to scan the payment QR code stuck on the side of the meter - it may well be an attempt by fraudsters to phish your financial information.
Police are warning that they have discovered bogus QR codes stuck onto public parking meters across Austin, Texas - a city where parking meters don't display QR codes, and only accept payment via coins, cards or a smartphone app.
Apache Software Foundation Security Report: 2021 : The Apache Software Foundation Blog
Synopsis: This report explores the state of security across all of The Apache Software Foundation projects for the calendar year 2021. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.
[...]
The security committee of The Apache Software Foundation (ASF) oversees and coordinates the handling of vulnerabilities across all of the 350+ Apache projects. Established in 2002 and composed of all volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.
Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or private project management committees (PMC) to handle. The security committee monitors all the issues reported across all the projects and keeps track of the issues throughout the vulnerability lifecycle.
The security committee is responsible for ensuring that issues are dealt with properly and actively reminds projects of their outstanding issues and responsibilities. As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache License v2,0, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.
The oversight into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues. Our last report covered the metrics for 2020.
Extension Manager: Search And Install GNOME Shell Extensions Without Using A Web Browser
Extension Manager is a new, unofficial application to browse and install GNOME Shell extensions from your desktop, without having to use a web browser. Besides allowing users to search and install extensions from extensions.gnome.org, the tool can also enable or disable extensions (and display a list of installed extensions), access the extension settings, and uninstall extensions. The application is very new, having its first (0.1.0) release only a couple of days ago, so it's still lacking in features. Extension Manager does not currently support updating extensions or translations. Also, only the first 10 results are displayed when performing a search, and there's no option to sort the search results (e.g. by popularity, recency, etc., like on the GNOME Extensions website). Extension screenshots and comments are also not available right now.
Xwayland 22.1 schedule
Hi all, It's been a year since we released Xwayland standalone and the xwayland-21.1 branch. Some new (and nice!) features found their way in the master branch of the xserver since then and the time has come to consider a new xwayland-22.1 branch and release, similar to what Michel did a year or so ago for xwayland-21.1. For that purpose I prepared the branch and posted a draft MR (not to be merged) here: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/819 I see no reason to wait any longer so I'd propose the following schedule: * Create the branch xwayland-22.1 this week (week #2) * January 19th: 1st release candidate * February 2nd: 2nd release candidate * February 16th: 22.1.0 release if all goes well Please let me know if that schedule works for you - Also, the milestone xwayland-22.1.0 in gitlab should be used to tag issues or merge requests that need to be checked before Xwayland 22.1.0 is released. Cheers Also: XWayland 22.1 Planned For Release Next Month
Kernel: Linux 5.17 Features
IBM/Red Hat Leftovers
