A project as large as GNOME consists of enough constituent parts that it can be a challenge just to keep up with the latest developments of the various applications, libraries, and infrastructure efforts. GUADEC 2014 in Strasbourg provided a number of opportunities to get up speed on the various moving pieces. Of course, it is impossible to catch everything at a multi-track event, but there were still quite a few updates worth mentioning.
CentOS has updated qemu-kvm (C6: code execution).
Debian has updated cacti (multiple vulnerabilities).
Oracle has updated qemu-kvm (OL6: multiple vulnerabilities).
Ubuntu has updated openjdk-7 (14.04 LTS: multiple vulnerabilities).
Oracle has updated nss, nss-util, nss-softokn (OL7: incorrect wildcard certificate handling).
Red Hat has updated qemu-kvm (RHEL6: multiple vulnerabilities).
Scientific Linux has updated qemu-kvm (SL6: multiple vulnerabilities).
SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).
Ubuntu has updated openssl (10.04 LTS: regression in previous update).
Debian has updated xen (multiple vulnerabilities).
Fedora has updated 389-ds-base (F20: information disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities), krfb (F19; F20: denial of service), pixman (F20: denial of service), and tboot (F19; F20: boot chain bypass).
Gentoo has updated libmodplug (multiple vulnerabilities).
Mageia has updated 389-ds-base (information disclosure), dhcpcd (denial of service), flash-player-plugin (multiple vulnerabilities), kernel-linus (M3; M4: multiple vulnerabilities), kernel-tmb (M3; M4: multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).
openSUSE has updated flash-player (11.4: multiple vulnerabilities).
Red Hat has updated nss, nss-util, nss-softokn (RHEL7: incorrect certificate handling).
SUSE has updated krb5 (code execution).
O'Reilly Radar has posted a retrospective look at the OpenStreetMap (OSM) project on the occasion of OSM's ten-year anniversary. Tyler Bell calls the project "the most significant development in the Open Geo Data movement" outside of GPS; noting that before OSM's creation, "map data sources were few, and largely controlled by a small collection of private and governmental players. The scarcity of map data ensured that it remained both expensive and highly restrictive, and no one but the largest navigation companies could use map data." Particularly interesting are the various comparisons between the state of the map in 2007 and today; the project's 1.5 million registered users do not seem to be slowing down, even if today's emphasis has shifted somewhat to less-visible features: "nodes are getting connected and turn restrictions added to facilitate navigation, while addresses are being sourced to help with geocoding and place finding."
Fedora has updated gd (F20: denial of service), httpd (F19: multiple vulnerabilities), krb5 (F20: code execution), python-bottle (F19; F20: remote code execution), tor (F19; F20: traffic confirmation), transmission (F19: code execution), and v8 (F19: denial of service).
Debian has updated gpgme1.0 (code execution).
openSUSE has updated flash-player (13.1, 12.3: multiple vulnerabilities).
Flock is the annual conference for the Fedora distribution, but, like most free-software events, the program draws on a wide range of projects. At this year's event in Prague, keynote speaker Sean Cross spoke about his work on the Novena laptop project—including some speculation as to why it is succeeding in the demonstrably harsh space of open hardware products. Cross told the audience he hoped to get Fedora running on Novena (which runs Debian only at the moment) over the course of the conference, but he also hoped that the Novena story would be a helpful and informative tale for others undertaking a difficult, large-scale task—such as building a distribution.
Also, the conference is seeking submissions for Microconference discussion and BOF topics.