Debian: 2655-1: rails: Multiple vulnerabilities
(Mar 28) Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. [More…]
(Mar 28) libxml2 could be made to hang if it received specially crafted input.
(Mar 28) Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Mar 28) Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
The following bugs have been fixed:
[-] Backup fails when dumping the smb_users table if the perl-DBD-mysql package is not installed (129117, 129657)
[-] If a custom database schema has been created inside a database, that database cannot be backed up or restored on MS SQL 2008 SP2 (125163)
[-] Installation of psa-kav8 package on CentOS/RedHat 5.9 fails after libxml2.so.2 update
The following check item has been added:
– add a notice that all mailing list members of all domains will receive welcome messages about being added to their mailing list again
(Mar 22) Several security issues were fixed in the kernel.
(Mar 27) Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 26) It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Mar 25) Several security issues were fixed in OpenSSL.
(Mar 26) Several security issues were fixed in the kernel.
(Mar 26) Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Mar 26) Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these [More…]
(Mar 25) GNOME Online Accounts could be made to expose sensitive information over the network.
(Mar 25) Ruby could be made to hang if it received specially crafted input.
(Mar 25) Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
As part of the normal budgeting process, the Production Leadership Team has come up with six goals for 2013. Those goals concern releases of the Joomla Platform and the Joomla CMS, continuing maintenance updates, and outreach and promotion to a technical audience.
Our goal is to release at least three new versions of the Joomla Platform in 2013. The timing of releases is not exact and only used for the benefit of planning. As such, we anticipate the following releases this year.
The following sub-goals are also envisioned for the Joomla Platform.
The release strategy for the Joomla Platform differs a little from the CMS because we generally consider work within a “year” as opposed to work within a particular “version”. However, the system is a little ad hoc and we’d like to bring some clarity to releasing the Joomla Platform. In addition, we aim to ratify the deprecation policy.
We aim to look at tools that can be used to assist people working collaboratively on features within the Joomla Platform, and also help people work out what they can do, be that in the area of development, documentation or even general administrative maintenance. Possible outcomes could include a better policy by which we use Joomla Platform’s issue tracker on Github, or looking at other tools like Jira.
We aim, this year, to introduce namespacing to the Joomla Platform and to bring the core source tree in compliance with PSR-1. Doing so will allow the Joomla Platform to be integrated with other PHP projects and give developers using the Joomla Platform more options.
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that all packages in the core platform have no less than 50% code coverage (lines of code).
We want to encourage the Joomla development community to add complete documentation for at least five packages that currently do not have documentation.
We will release new versions of the Joomla CMS according to this schedule:
We will use PLT summits to discuss issues regarding the releases, supplemented by virtual meetings. We will examine and discuss ideas from the Joomla Ideas Pool, the Joomla Feature Patch Tracker and other sources. We will use these to announce visions or themes for CMS releases.
To accomplish this, we need volunteer developers, documenters, and translators. We will facilitate Pizza, Bugs and Fun (PBF) events, code and documentation sprints, working group meetings, Student programmes, Roadmap Sessions and other such events.
The following sub-goals are also envisioned for the Joomla CMS.
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that the CMS libraries (the code found under /libraries/cms) have no less than 30% code coverage (lines of code).
In addition to unit testing the CMS libraries, unit test coverage should be expanded to other areas of the code, with a future goal of all PHP classes being testable. Prime candidates for unit testing would be the classes in the various /includes folders (application classes) and the FinderIndexer classes (administrator/components/com_finder/helpers/indexer).
Presently, the CMS is only enforcing a small subset of the Joomla Coding Standard, and excludes numerous files from being scanned for the various rules. Developers are encouraged to assist in bringing all files in compliance with the Joomla Coding Standards. This recognizes that the Joomla Coding Standard has different rules for alternate syntax in layout files.
The Joomla! CMS has numerous automated testing tools to assist in maintaining a high quality of code; however, patches to the CMS are not tested for compliance with these tests prior to being merged into the code base. We aim to determine a method to enforce automated test compliance (unit and system testing, code standard compliance) without making the user contribution process more difficult.
While the fun part is new features and releases, a major part of our responsibility is to the existing releases. Normal maintenance releases of an existing long term support release will be made until 3 months after the general availability of the next long term support release. Ongoing support of the short term releases continues until a month after a superseding release. The number, timing, and nature of the maintenance releases depends on the circumstances.
The Joomla Bug Squad and the Joomla Security Strike Team are the main volunteers spearheading this effort.
The PLT aims to expand its outreach and promotion of Joomla to technical audiences, both those within and outside the Joomla project. We will do this by attending technical conferences and events, and speaking about current and future development within the project.
Members of the Joomla community will be invited to speak about and promote Joomla at events worldwide.
The Google Summer of Code program 2012 edition was very successful with several contributions to the Joomla Project (see http://conference.joomla.org/speakers/sessions/session/session/83-joomla-and-google-summer-of-code-2012.html). This year the Joomla Project plans to maintain support of this initiative and encourages the community to actively participate in the program.
We will be asking the development community to help us review the developer.joomla.org site to ensure that information is up-to-date, relevant and accurate. Our aim is that when people have questions about Joomla development, there is an easily found link on developer.joomla.org that they can be directed to that answers their question, or at least directs them to a place where they can find answers.
To do this, we will need a team of volunteers to help identify areas of the site that are missing content and need content modified.
Support the production teams in implementing improvements in the language areas of the project (“multilingual” and “language packages”). See these examples from 2012:
In agreement with the Translation Team, dedicate resources on improving processes and tools to automate the creation of translation packages and uploading them to the Joomla Languages Server.
Projects like Facebook (http://www.insidefacebook.com/…), RememberTheMilk (http://www.rememberthemilk.com/…/) or other projects using https://www.transifex.com are taking advantage of their communities in order to localize their software. Joomla is being translated by its community into 64 languages, but there is plenty of space for more languages and more community participation. At the same time, many Joomla 3rd party developers are searching for a solution for how their communities can contribute to the translation of their extensions. It is a goal for 2013 to study and identify common needs between the Joomla project and 3rd party developers interested in joining efforts to plan a solution for increasing international community involvement in the translation of software. Some tools already exist that can be improved: http://extensions.joomla.org/extensions/languages/language-edition/17755
Since transitioning from SVN to Git in late 2011, the PLT has recognized that there have been struggles with the contribution process, particularly towards the CMS. Much of this headache exists in the issue/feature tracking processes, which are not connected to GitHub at present. The PLT aims to improve this process in 2013 by investigating ways to improve the existing Joomlacode infrastructure or evaluating the potential of implementing a new tracking system which suits the project requirements and improves the native integration with GitHub.
Feedback, comments, and discussion on the 2013 production goals are welcome. In order to facilitate communication, we encourage users to respond with their feedback on this thread on the Joomla General Development mailing list – https://groups.google.com/d/topic/joomla-dev-general/6K-mnKwzC2E/discussion.
(Mar 22) Several security issues were fixed in the kernel.
(Mar 22) Several security issues were fixed in the kernel.
(Mar 21) Updated openstack-nova packages that fix two security issues, several bugs, and add an enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 21) Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 21) Updated openstack-cinder packages that fix two security issues and add one enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 21) Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 20) Two security issues were fixed in Nova.
(Mar 21) Several security issues were fixed in the kernel.
(Mar 21) Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 21) An updated openstack-packstack package that fixes one security issue and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More…]
The following check item has been added:
– check for enough inodes on the destination server
(Mar 20) A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the “displaymode” parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user’s browser session in [More…]
(Mar 20) Security Report Summary