Arch Linux has updated mupdf (denial of service).
Debian-LTS has updated gnupg (flawed random number generation).
Fedora has updated borgbackup (F24; F23: directory traversal), freeipa (F24; F23: denial of service), java-1.8.0-openjdk-aarch32 (F24: multiple vulnerabilities), rubygem-actionpack (F24; F23: unsafe query generation), and rubygem-activerecord (F24; F23: unsafe query generation).
openSUSE has updated kernel (13.1: multiple vulnerabilities).
Slackware has updated kernel (TCP connection takeover).
Open-source font developer Vernon Adams has passed away in California at the age of 49. In 2014, Adams was injured in an automobile collision, sustaining serious trauma from which he never fully recovered. Perhaps best known within the Linux community as the creator of KDE's user-interface font Oxygen, Adams created a total of 51 font families published through Google Fonts, all under open licenses. He was also active in a number of related free-software projects, including FontForge, Metapolator, and the Open Font Library. In 2012, he co-authored the user's guide for FontForge as part of Google's Summer of Code Documentation Camp, which we reported on at that time.
Speaking personally, Vernon was always quick to offer encouragement and assistance to newcomers—regardless of their experience with type design, FontForge, or free software in general. There were also few people who put as much energy into improving the usability of free-software design tools as he did. In addition, he was a constant advocate for free-software principles in the world of fonts—not just on development lists and at libre graphics conferences, but on type forums as well, where "open source" did not automatically garner a warm reception. The tagline on his web site was "fonts for everyone," and he meant it. He'll
Arch Linux has updated wireshark-cli (multiple vulnerabilities).
Debian has updated mupdf (two denial of service flaws).
openSUSE has updated Firefox (13.1: buffer overflow), firefox, nss (Leap42.1, 13.2: buffer overflow), phpMyAdmin (Leap42.1, 13.2; 13.1: multiple vulnerabilities), and typo3-cms-4_5 (Leap42.1, 13.2: three vulnerabilities).
Arch Linux has updated mediawiki (multiple vulnerabilities).
Red Hat has updated java-1.6.0-openjdk (RHEL5,6,7: multiple vulnerabilities).
Scientific Linux has updated java-1.6.0-openjdk (SL5,6,7: multiple vulnerabilities).
Fedora has updated eog (F23: out-of-bounds write).
openSUSE has updated ImageMagick (Leap42.1: three vulnerabilities).
CentOS has updated kernel (C6: TCP injection).
Debian-LTS has updated libgcrypt11 (flawed random number generation).
Fedora has updated eog (F24: out-of-bounds write), kernel (F23: use-after-free), mariadb (F23: multiple vulnerabilities), mingw-lcms2 (F24: heap memory leak), postgresql (F23: multiple vulnerabilities), and python (F23: proxy injection).
Oracle has updated kernel (O6: TCP injection).
Scientific Linux has updated kernel (SL6: TCP injection).
Version 5.0.0 of the KDevelop integrated development environment (IDE) has been released, marking the end of a two-year development cycle. The highlight is a move to Clang for C and C++ support: "The most prominent change certainly is the move away from our own, custom C++ analysis engine. Instead, C and C++ code analysis is now performed by clang." The announcement goes on to describe other benefits of using Clang, such as more accurate diagnostics and suggested fixes for many syntax errors. KDevelop has also been ported to KDE Frameworks 5 and Qt 5, which opens up the possibility of Windows releases down the line.
Arch Linux has updated libgcrypt (information disclosure).
SUSE has updated MozillaFirefox (SLE12: multiple vulnerabilities).