CentOS has updated gnutls (C7: code execution), kdenetwork (C7: multiple vulnerabilities), kernel (C6: multiple vulnerabilities), and libvncserver (C7; C6: multiple vulnerabilities).

Debian has updated file (out-of-bounds read flaw) and nss (code execution).

Fedora has updated deluge (F20: deluge-web is vulnerable to POODLE), mokutil (F20; F19: multiple vulnerabilities), Pound (F20: multiple vulnerabilities), shim-signed (F20; F19: multiple vulnerabilities), and tnftp (F20: command execution).

Mageia has updated apt (code execution) and php (out-of-bounds read flaw).

openSUSE has updated ImageMagick (13.2, 13.1, 12.3: multiple vulnerabilities), konversation (13.2: information disclosure), libserf (13.2, 13.1, 12.3: man-in-the-middle attack), pidgin (13.2: multiple vulnerabilities), and sssd (13.2: restriction bypass).

Oracle has updated gnutls (OL7: code execution), kdenetwork (OL7: multiple vulnerabilities), kernel (OL6: multiple vulnerabilities), and libvncserver (OL7; OL6: multiple vulnerabilities).

Red Hat has updated gnutls (RHEL7: code execution), kdenetwork (RHEL7: multiple vulnerabilities), kernel (RHEL6: multiple vulnerabilities), and libvncserver (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated gnutls (SL7: code execution), kdenetwork (SL7: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), and libvncserver (SL6,7: multiple vulnerabilities).

SUSE has updated spacewalk-branding (SUSE Manager1.7: clarify CVE audit).

Ubuntu has updated cinder (14.04: information disclosure), keystone (14.04: information disclosure), neutron (14.04: denial of service), and nova (14.04: two vulnerabilities).

Fedora has updated firefox (F19: multiple vulnerabilities).

openSUSE has updated claws-mail (13.2: man-in-the-middle attack), php5 (13.2: three vulnerabilities), quassel (13.2, 13.1, 12.3: information disclosure), tnftp (13.2, 13.1: command execution), wget (13.2, 13.1, 12.3: symlink attack), and zeromq (13.1, 12.3: man-in-the-middle attack).

SUSE has updated firefox (SLE11 SP3: multiple vulnerabilities) and OpenSSL (SLES11 SP2,SP1; SLES10 SP4: multiple vulnerabilities).

Ubuntu has updated gnutls28 (14.10: code execution), kde-workspace (12.04: privilege escalation), konversation (12.04: information disclosure), and libvirt (14.10, 14.04: two vulnerabilities).

Update: according to Engadget, GroupOn says it wants to work things out, all the way to picking a new product name if necessary.

Another update: The GNOME Foundation reports that Groupon will abandon its pending trademarks and proceed with a name change.

Debian has updated kfreebsd-9 (multiple vulnerabilities).

Fedora has updated claws-mail (F20: man-in-the-middle attack), claws-mail-plugins (F20: man-in-the-middle attack), curl (F20: information leak), libetpan (F20: man-in-the-middle attack), php-ZendFramework2 (F19: multiple vulnerabilities), pidgin (F20: multiple vulnerabilities), python (F20: script execution), python3 (F20: two vulnerabilities), qemu (F20: multiple vulnerabilities), and zarafa (F20; F19: multiple vulnerabilities).

Gentoo has updated php (multiple vulnerabilities).

openSUSE has updated chromium (13.1: multiple vulnerabilities), php5 (13.1, 12.3: multiple vulnerabilities), and pidgin (13.1, 12.3: multiple vulnerabilities).

Ubuntu has updated curl (information leak) and libreoffice (12.04: embeds arbitrary data).

The Free Software Foundation (FSF) and the Software Freedom Conservancy (SFC) have announced a new site called Copyleft.org that will play host to "useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing." The most prominent content at present is a comprehensive guide to the concept of copyleft and copyleft licenses. The announcement notes that the content is viable, among other things, as training material. "As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014."

At her blog, Akkana Peck has announced a new GIMP plugin called "Saver" that is intended to replace the default Save/Export functionality introduced with the GIMP 2.8 release. GIMP 2.8 famously separated "Save"and "Export" into two separate functions, with "Save" only able to write out images to GIMP's native, multi-layer XCF format. As Peck notes, that change "has been a matter of much controversy. It's been over two years now, and people are still complaining on the gimp-users list." The new plugin is an attempt to perform the "expected" action in each circumstance. "I've been using Saver for nearly all my saving for the past year. If I'm just making a quick edit of a JPEG camera image, Ctrl-S overwrites it without questioning me. If I'm editing an elaborate multi-layer GIMP project, Ctrl-S overwrites the .xcf.gz. If I'm planning to export that image for the web, I Ctrl-Shift-S to bring up the Saver As... dialog, make sure the main filename is .xcf.gz, set a name (ending in .jpg) for the exported copy; and from then on, Ctrl-S will save both the XCF and the JPG copy.

Ubuntu’s developers initially balked at this. Why, this isn’t the way the system works! The package is now locked-in for the stable release and shouldn’t have any major changes, even though it’s a fundamentally insecure piece of server software. Actually removing it would be highly unusual. They proposed that ownCloud should take over maintenance of the ownCloud packages in Ubuntu and keep them up-to-date. At the very least, it was ownCloud’s job to create an empty package and go through the bureaucratic process to push it out.

The writing is a little breathless, but there is a valid issue here; the software found in the more remote corners of distribution repositories may not be particularly well maintained.

CentOS has updated php (C5: multiple vulnerabilities).

Debian has updated curl (information leak), konversation (denial of service), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

Fedora has updated hostapd (F19; F20: command execution), Pound (F19: multiple vulnerabilities), python-rhsm (F19; F20: protocol downgrade), seamonkey (F19: multiple vulnerabilities), subscription-manager (F20: protocol downgrade), webkitgtk3 (F19: protocol downgrade), wss4j (F20: authentication spoofing), and xml-security (F20: denial of service).

Oracle has updated php (O5: multiple vulnerabilities).

Red Hat has updated php (RHEL4: code execution; RHEL5: multiple vulnerabilities).

Scientific Linux has updated mod_auth_mellon (SL6: multiple vulnerabilities) and php (SL5: multiple vulnerabilities).

Debian has updated libxml-security-java (xml signature spoofing from 2013).

Gentoo has updated mysql (multiple unspecified vulnerabilities), tigervnc (code execution), and vlc (multiple vulnerabilities from 2010-2013).

Oracle has updated mod_auth_mellon (OL6: two vulnerabilities) and shim (OL7: three vulnerabilities).

SUSE has updated flash-player (SLE11SP3: three vulnerabilities), OpenSSL (SLE11SP3: three vulnerabilities), and wget (SLE11SP3: code execution).

Ubuntu has updated libreoffice (14.10, 14.04: code execution).