Debian's decision to move to systemd as the default init system was a famously contentious (and rather public) debate. Once all the chaos regarding the decision itself had died down, however, it was left to project members to implement the change. At DebConf 2015 in Heidelberg, Martin Pitt and Michael Biebl gave a down-to-earth talk about how that implementation work had gone and what was still ahead.
Click below (subscribers only) for the full report.
CentOS has updated kernel (C7: multiple vulnerabilities).
Debian has updated icu (denial of service).
Debian-LTS has updated openldap (denial of service).
Fedora has updated php (F22; F21: multiple vulnerabilities), php-doctrine-annotations (F22; F21: privilege escalation), php-doctrine-cache (F22; F21: privilege escalation), and php-doctrine-doctrine-bundle (F22; F21: privilege escalation).
Mageia has updated ipython (MG4,5: cross-site scripting), openldap (MG4,5: denial of service), php-ZendFramework (MG5; MG4: XML external entity attack), qemu (MG5; MG4: multiple vulnerabilities), and spice (MG4,5: code execution).
Mageia has updated conntrack-tools (MG4,5: denial of service), freetype2 (MG4: denial of service), gnupg (MG4: two vulnerabilities), libgcrypt (MG4: information leak), libvdpau (MG4,5: multiple vulnerabilities), mariadb (MG4,5: unspecified vulnerabilities), php (MG4: multiple vulnerabilities), phpmyadmin (MG4,5: guessable user credentials), and xfsprogs (MG5: information disclosure).
Red Hat has updated qemu-kvm-rhev (RHEL OSP5,6,7: code execution).
The Electronic Frontier Foundation (EFF) is running a story on its DeepLinks blog that the Kilton Public Library in Lebanon, New Hampshire has suspended its Tor node deployment—at least temporarily—due to criticism by the local police department (we covered the launch of the Kilton library's Tor node in August). The EFF post says that the criticism originated when "a regional Department of Homeland Security office contacted the local police to spread fear, uncertainty, and doubt about Tor. The police got in touch with the library board, who suspended the program until they could vote on it on September 15." The EFF has set up a page at which interested parties can sign a petition showing support for the library, and has written its own letter of support to the Lebanon library board. The Library Freedom Project, which is handling the details of running Kilton's Tor node, has also written about the incident and promises further updates after the library board meeting.
Debian-LTS has updated libvdpau (multiple vulnerabilities).
SUSE has updated MozillaFirefox, mozilla-nss (SLE11: multiple vulnerabilities).
Ubuntu has updated freetype (12.04, 14.04, 15.04: multiple vulnerabilities).