Ubuntu has updated libxml2 (13.04: code execution) and mesa (12.04 LTS: code execution).

The Linux Foundation Collaboration Summit (LFCS) seems to be a likely venue for an update on the status of building the kernel with Clang/LLVM. Both in 2011 and 2012, we covered those updates. LFCS 2013 continued the trend as LLVMLinux project lead Behan Webster presented the status and plans for the project at LFCS. The gathering lived up to its name as well, since two problems faced by the project were solved through collaboration at the summit.

Mandriva has updated java-1.7.0-openjdk (multiple vulnerabilities).

Ubuntu has updated clamav (multiple vulnerabilities).

At the Yorba blog, Jim Nelson has written up an examination of the recent Geary development fundraising campaign, in particular a response to the theories circulating about why the drive came up short. "First, it’s important to understand that the Geary campaign was a kind of experiment. We wanted to know if crowdfunding was a potential route for sustaining open-source development. We weren’t campaigining to create a new application; Geary exists today and has been under development for two years now. Unlike OpenShot and VLC, we weren’t porting Geary to Windows or the Mac, we wanted to improve the Linux experience. And we had no plans on using the raised money as capital to later sell a product or service, which is the usual route for most crowdfunded projects. Our pitch was simply this: donate money so we can make Geary on Linux even better than it is today." Nelson analyzes several of the publicly debated issues, such as the amount, the competition, and the fundraising platform used.

Open Source Initiative (OSI) president Simon Phipps has posted a brief announcement on the OSI blog describing upcoming changes to the OSI governance process and the makeup of the board. "One of the ways we're turning OSI into a member organisation is to gradually replace the Board with member-selected directors. This process started last year when OSI's Affiliate members -- non-profit organizations themselves -- selected candidates for the Board." Two new vacancies on the board will be filled by election, and the OSI board is meeting in Washington DC next week to discuss further changes. Phipps notes: "If you would like to meet them, please come to OSI's DC Metro Open Source Community Summit on May 10."

Debian has updated stunnel4 (code execution).

Fedora has updated telepathy-idle (F17, F18; certificate validation error).

Mageia has updated apache-mod_security (information disclosure), clamav (multiple vulnerabilities), drupal (denial of service), java-1.7.0-openjdek (multiple vulnerabilities), krb5 (denial of service), phpmyadmin (multiple vulnerabilities), qemu (information disclosure), roundcubemail (information disclosure), subversion (multiple vulnerabilities), util-linux (information disclosure), and webmin (multiple vulnerabilities).

Mandriva has updated phpmyadmin (multiple vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (multiple vulnerabilities) and krb5 (denial of service).

Ubuntu has updated kernel (multiple vulnerabilities).

openSUSE has updated icedtea-web (12.1: two vulnerabilities).

Ubuntu has updated kernel (12.04: multiple vulnerabilities), OMAP4 kernel (12.04: multiple vulnerabilities), Quantal HWE kernel (12.04: multiple vulnerabilities), kernel (12.10: multiple vulnerabilities), and OMAP4 kernel (12.10: multiple vulnerabilities).