Debsources is a project that provides a web-based interface into the source code of every package in the Debian software archive—not a small task by any means. But, as Stefano Zacchiroli and Matthieu Caneill explained in their DebConf 2015 session, Debsources is far more than a source-code browsing tool. It provides a searchable viewport into 20 years of free-software history, which makes it viable as a platform for many varieties of research and experimentation.
Arch Linux has updated chromium (multiple vulnerabilities).
Debian has updated pdns (denial of service).
Slackware has updated gdk (code execution).
Fedora has updated qemu (F21: multiple vulnerabilities).
Slackware has updated firefox (multiple vulnerabilities).
SUSE has updated kvm (SLE11SP4: code execution).
Google has announced that, beginning September 1, Chrome will no longer auto-play Flash-based ads in the company's popular AdWords program. The post frames this as a move to improve browsing performance for users, and notes that most Flash ads are automatically converted to HTML5 already. Commenting on the news, The Register notes that the change should also offer some additional protection against malware delivered via Flash. Chrome will continue to auto-play Flash content in the main body of pages, however. The Register's story says the change is, in fact, just a modification of the default setting for plugin behavior, which already supports an option to disable plugin content not deemed "important." Mozilla, of course, blacklisted the Flash plugin in July, although that action only disabled the then-current, vulnerable release—which was subsequently updated.
Arch Linux has updated firefox (multiple vulnerabilities).
Fedora has updated maradns (F21; F22: denial of service), openssh (F21: multiple vulnerabilities), php-guzzle-Guzzle (F21; F22: XML external entity attack), php-twig (F22: code execution), php-ZendFramework2 (F21; F22: XML external entity attack), rt (F21; F22: cross-site scripting), and rubygem-rack (F21: denial of service).
Mageia has updated drupal (M4,5: multiple vulnerabilities), python-django, python-django14 (M4,5: multiple vulnerabilities), subversion (M4,5: multiple vulnerabilities), thunderbird (M4,5: multiple vulnerabilities), and vlc (M4,5: code execution).
Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities).
SUSE has updated MozillaFirefox, mozilla-nss (SLE11: multiple vulnerabilities).
Debian has updated php5 (multiple vulnerabilities).
Fedora has updated mariadb (F21: unspecified).
Mageia has updated cgit (code execution from 2014).
Ubuntu has updated qemu, qemu-kvm (multiple vulnerabilities, including one from 2014).
Debian has updated twig (code execution).
Ubuntu has updated gdk-pixbuf (15.04, 14.04, 12.04: code execution).
At the 2015 edition of TypeCon in Denver, Adobe's Frank Grießhammer presented his
work reviving the famous Hershey fonts
from the Mid-Century era of computing. The original fonts were
tailor-made for early vector-based output devices but, although they
have retained a loyal following (often as a historical curiosity), they have never
produced as an installable digital font.