Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).
Security updates have been issued by Debian (apache2 and unbound), Fedora (opendmarc, runc, and sudo), openSUSE (epiphany, GraphicsMagick, and libopenmpt), Oracle (kernel and sudo), Red Hat (java-1.8.0-openjdk, jss, kernel, kernel-rt, and kpatch-patch), SUSE (crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer, libpcap, sudo, and tcpdump), and Ubuntu (aspell and libsdl1.2).
The pull request changing the name of Perl 6 to Raku has been
merged. See the
full text for more information. “This document describes the steps
to be taken to effectuate a rename of ‘Perl 6’ to ‘Raku’, as described in
issue #81. It does not pretend to be complete in scope or in time. To
change a name of a project that has been running for 19+ years will take
time, a lot of effort and a lot of cooperation. It will affect people in
foreseen and unforeseen ways.” (Thanks to Sean Whitton)
Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).
Richard Stallman has issued a brief statement saying that there will not be
any radical changes in the GNU Project’s goals, principles and
policies. “I would like to make incremental changes in how some
decisions are made, because I won’t be here forever and we need to ready
others to make GNU Project decisions when I can no longer do so. But these
won’t lead to unbounded or radical changes.”
Security updates have been issued by Debian (jackson-databind, libapreq2, libreoffice, novnc, phpbb3, and ruby-mini-magick), Fedora (mbedtls and mosquitto), Mageia (xpdf), openSUSE (bind, firefox, nginx, openssl-1_0_0, php7, python-numpy, and thunderbird), Oracle (kernel), SUSE (ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff, bind, compat-openssl098, nginx, and openssl-1_0_0), and Ubuntu (linux-kvm, linux-raspi2, linux-snapdragon and openexr).
Security updates have been issued by Arch Linux (exim, ruby, ruby-rdoc, ruby2.5, and systemd), Debian (openconnect), Mageia (thunderbird), openSUSE (lxc and mosquitto), Oracle (kernel and patch), Scientific Linux (patch), SUSE (firefox, java-1_7_0-ibm, and sqlite3), and Ubuntu (clamav).
Security updates have been issued by CentOS (kernel), Debian (jackson-databind, libapreq2, and subversion), Fedora (glpi, memcached, and zeromq), openSUSE (rust), Oracle (kernel), Red Hat (patch), and SUSE (dovecot23, git, jasper, libseccomp, and thunderbird).
Security updates have been issued by Debian (openssl and openssl1.0), Fedora (expat, kernel, kernel-headers, kernel-tools, and phpMyAdmin), openSUSE (nghttp2 and u-boot), Oracle (kernel), Red Hat (rh-nodejs8-nodejs), Slackware (libpcap), SUSE (bind, jasper, libgcrypt, openssl-1_0_0, and php7), and Ubuntu (clamav).
Security updates have been issued by Debian (apache2, linux-4.9, netty, phpbb3, and poppler), openSUSE (chromium, djvulibre, ghostscript, python-numpy, SDL2, and varnish), Oracle (nodejs:10), Red Hat (httpd24-httpd and httpd24-nghttp2, kpatch-patch, and rh-nodejs10-nodejs), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and SDL 2.0).
Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based
buffer overflow in string_vformat that could lead to remote code
execution. “The currently known exploit uses a extraordinary long
EHLO string to crash the Exim process that is receiving the message. While
at this mode of operation Exim already dropped its privileges, other paths to
reach the vulnerable code may exist.”
Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).
Security updates have been issued by Debian (kernel, libgcrypt20, and spip), Fedora (compat-openssl10, expat, ghostscript, ibus, java-1.8.0-openjdk-aarch32, and SDL2_image), openSUSE (bird, chromium, kernel, libreoffice, links, and varnish), Oracle (httpd:2.4 and qemu-kvm), Red Hat (kernel), Scientific Linux (qemu-kvm), SUSE (djvulibre, dovecot22, ghostscript, kernel, libxml2, and python-Twisted), and Ubuntu (file-roller and libreoffice).
Google Code-in (GCI) provides
students ages 13 to 17 the opportunity to participate in open source
projects. Google has announced the
2019 round of GCI. “New contributors bring fresh perspectives,
ideas, and enthusiasm into their open source communities, helping them
thrive. Throughout the last 9 years, 58 GCI organizations helped 11,000
students from 108 countries make real contributions to open source
projects; and to this day many of those students continue to participate in
various open source communities and many have become mentors themselves!
Some have even gone on to join Google Summer of Code (GSoC).”
Organizations that are interested in mentoring students can apply for GCI
starting October 10. GCI begins December 2, 2019 and ends January 23, 2020.