Gentoo Archives: gentoo-gwn

From: Yuji Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 25
Date: Tue, 22 Jun 2004 14:31:05
Message-Id: 20040622130810.GA3452@sparda.dyndns.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of June 21st, 2004.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 Announcing Wasabi 0.2
12 ---------------------
13
14 We're very pleased to announce that version 0.2 of Wasabi[1] has been
15 released. We introduced[2] Wasabi two weeks ago: it's a log monitoring
16 program initially developed for Gentoo infrastructure servers and now
17 hosted by Gentoo. Designed to watch one or more log files for lines
18 matching a regular expression, it can be set to send a notification email
19 whenever a matching line occurs, or to report on such lines periodically.
20 Changes in version 0.2 include multiple file support, large performance
21 gains, and better signal handling. For more information, read the
22 announcement[3] posted to gentoo-announce.
23
24 1. http://www.gentoo.org/proj/en/infrastructure/wasabi/index.xml
25 2. http://www.gentoo.org/news/en/gwn/20040607-newsletter.xml
26 3. http://article.gmane.org/gmane.linux.gentoo.announce/373
27
28 Gentoo Linux seeking new kernel developers
29 ------------------------------------------
30
31 The Gentoo Linux project is currently seeking for new developers
32 interested in helping the kernel team. We're looking for developers with a
33 lot of kernel experience as well as experience writing ebuilds. Interested
34 parties should send mail to recruiters@g.o.
35
36 ==================
37 2. Gentoo Security
38 ==================
39
40 Squirrelmail: Another XSS vulnerability
41 ---------------------------------------
42
43 Squirrelmail fails to properly sanitize user input, which could lead to a
44 compromise of webmail accounts.
45
46 For more information, please see the GLSA Announcement[4]
47
48 4. http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
49
50 Horde-Chora: Remote code execution
51 ----------------------------------
52
53 A vulnerability in Chora allows remote code execution and file upload.
54
55 For more information, please see the GLSA Announcement[5]
56
57 5. http://www.gentoo.org/security/en/glsa/glsa-200406-09.xml
58
59 Gallery: Privilege escalation vulnerability
60 -------------------------------------------
61
62 There is a vulnerability in the Gallery photo album software which may
63 allow an attacker to gain administrator privileges within Gallery.
64
65 For more information, please see the GLSA Announcement[6]
66
67 6. http://www.gentoo.org/security/en/glsa/glsa-200406-10.xml
68
69 Horde-IMP: Input validation vulnerability
70 -----------------------------------------
71
72 An input validation vulnerability has been discovered in Horde-IMP.
73
74 For more information, please see the GLSA Announcement[7]
75
76 7. http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml
77
78 Webmin: Multiple vulnerabilities
79 --------------------------------
80
81 Webmin contains two security vulnerabilities which could lead to a Denial
82 of Service attack and information disclosure.
83
84 For more information, please see the GLSA Announcement[8]
85
86 8. http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
87
88 Squid: NTLM authentication helper buffer overflow
89 -------------------------------------------------
90
91 Squid contains a bug where it fails to properly check bounds of the 'pass'
92 variable.
93
94 For more information, please see the GLSA Announcement[9]
95
96 9. http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml
97
98 aspell: Buffer overflow in word-list-compress
99 ---------------------------------------------
100
101 A bug in the aspell utility word-list-compress can allow an attacker to
102 execute arbitrary code.
103
104 For more information, please see the GLSA Announcement[10]
105
106 10. http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml
107
108 Usermin: Multiple vulnerabilities
109 ---------------------------------
110
111 Usermin contains two security vulnerabilities which could lead to a Denial
112 of Service attack and information disclosure.
113
114 For more information, please see the GLSA Announcement[11]
115
116 11. http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
117
118 =========================
119 3. Heard in the Community
120 =========================
121
122 Web Forums
123 ----------
124
125 USE="-offensive"
126
127 Imagine working in a US corporation. Imagine further that you've convinced
128 your boss that Linux is your operating system of choice, and you've even
129 managed to sneek a Gentoo installation into a predominantly red-hatted
130 environment. And then you emerge Windowmaker, just when your boss glances
131 over your shoulder... Sexually explicit material packaged in a window
132 manager has stirred a controversy in the forums that oscillates between
133 calls for "emerge unmerge Janet Jackson" and the introduction of a new USE
134 flag that bans or allows emerging offensive material:
135
136 * Prude alert: Sexually explicit wm themes in emerge[12]
137 12. http://forums.gentoo.org/viewtopic.php?t=187352
138
139
140 gentoo-user
141 -----------
142
143 Removing old Kernel Source Trees
144
145 When upgrading your kernel sources, Gentoo will keep your old source trees
146 around, including in portage. This[13] thread has some pointers on how to
147 manage your kernel sources effectively.
148
149 13.
150 http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=28tk1-6Qx-9%
151 40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3
152 DUTF-8%26group%3Dlinux.gentoo.user%26start%3D25
153
154 Simultaneous Emerges?
155
156 Is it safe to run multiple 'emerge' commands at once? Find out[14] here!
157
158 14.
159 http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=27M5k-6cu-9%
160 40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3
161 DUTF-8%26group%3Dlinux.gentoo.user%26start%3D100
162
163 ===========
164 4. Bugzilla
165 ===========
166
167 Summary
168 -------
169
170 * Statistics
171 * Closed Bug Ranking
172 * New Bug Rankings
173
174 Statistics
175 ----------
176
177 The Gentoo community uses Bugzilla (bugs.gentoo.org[15]) to record and
178 track bugs, notifications, suggestions and other interactions with the
179 development team. Between 12 June 2004 and 18 June 2004, activity on the
180 site has resulted in:
181
182 15. http://bugs.gentoo.org
183
184 * 580 new bugs during this period
185 * 363 bugs closed or resolved during this period
186 * 13 previously closed bugs were reopened this period
187
188 Of the 6502 currently open bugs: 130 are labeled 'blocker', 190 are
189 labeled 'critical', and 514 are labeled 'major'.
190
191 Closed Bug Rankings
192 -------------------
193
194 The developers and teams who have closed the most bugs during this period
195 are:
196
197 * Jeremy Huddleston[16], with 32 closed bugs[17]
198 * Perl Devs @ Gentoo[18], with 25 closed bugs[19]
199 * AMD64 Porting Team[20], with 14 closed bugs[21]
200 * Gentoo X-windows Packagers[22], with 13 closed bugs[23]
201 * Mozilla Gentoo Team[24], with 12 closed bugs[25]
202 * Gentoo KDE Team[26], with 12 closed bugs[27]
203 16. eradicator@g.o
204 17.
205 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
206 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
207 ED&assigned_to=eradicator@g.o
208 18. perl@g.o
209 19.
210 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
211 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
212 ED&assigned_to=perl@g.o
213 20. amd64@g.o
214 21.
215 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
216 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
217 ED&assigned_to=amd64@g.o
218 22. xfree@g.o
219 23.
220 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
221 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
222 ED&assigned_to=xfree@g.o
223 24. mozilla@g.o
224 25.
225 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
226 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
227 ED&assigned_to=mozilla@g.o
228 26. kde@g.o
229 27.
230 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
231 field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
232 ED&assigned_to=kde@g.o
233
234
235 New Bug Rankings
236 ----------------
237
238 The developers and teams who have been assigned the most new bugs during
239 this period are:
240
241 * Web-Apps Herd[28], with 27 new bugs[29]
242 * Gentoo's Team for Core System packages[30], with 23 new bugs[31]
243 * AMD64 Porting Team[32], with 21 new bugs[33]
244 * Gentoo Linux Gnome Desktop Team[34], with 17 new bugs[35]
245 * Java Team[36], with 12 new bugs[37]
246 28. webapps-request@g.o
247 29.
248 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
249 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
250 -18&assigned_to=webapps-request@g.o
251 30. base-system@g.o
252 31.
253 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
254 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
255 -18&assigned_to=base-system@g.o
256 32. amd64@g.o
257 33.
258 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
259 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
260 -18&assigned_to=amd64@g.o
261 34. gnome@g.o
262 35.
263 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
264 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
265 -18&assigned_to=gnome@g.o
266 36. java@g.o
267 37.
268 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
269 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
270 -18&assigned_to=java@g.o
271
272 ==================
273 5. Tips and Tricks
274 ==================
275
276 Tips and Tricks is on hiatus this week.
277
278 ===========================
279 6. Moves, Adds, and Changes
280 ===========================
281
282 Moves
283 -----
284
285 The following developers recently left the Gentoo team:
286
287 * Troy Dack (tad) - testing and tweaking
288
289 Adds
290 ----
291
292 The following developers recently joined the Gentoo Linux team:
293
294 * None this week
295
296 Changes
297 -------
298
299 The following developers recently changed roles within the Gentoo Linux
300 project:
301
302 * None this week
303
304 ====================
305 7. Contribute to GWN
306 ====================
307
308 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
309 email[38].
310
311 38. gwn-feedback@g.o
312
313 ===============
314 8. GWN Feedback
315 ===============
316
317 Please send us your feedback[39] and help make the GWN better.
318
319 39. gwn-feedback@g.o
320
321 ===============================
322 9. GWN Subscription Information
323 ===============================
324
325 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
326 gentoo-gwn-subscribe@g.o.
327
328 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
329 gentoo-gwn-unsubscribe@g.o from the email address you are
330 subscribed under.
331
332 ===================
333 10. Other Languages
334 ===================
335
336 The Gentoo Weekly Newsletter is also available in the following languages:
337
338 * Danish[40]
339 * Dutch[41]
340 * English[42]
341 * German[43]
342 * French[44]
343 * Japanese[45]
344 * Italian[46]
345 * Polish[47]
346 * Portuguese (Brazil)[48]
347 * Portuguese (Portugal)[49]
348 * Russian[50]
349 * Spanish[51]
350 * Turkish[52]
351 40. http://www.gentoo.org/news/da/gwn/gwn.xml
352 41. http://www.gentoo.org/news/be/gwn/gwn.xml
353 42. http://www.gentoo.org/news/en/gwn/gwn.xml
354 43. http://www.gentoo.org/news/de/gwn/gwn.xml
355 44. http://www.gentoo.org/news/fr/gwn/gwn.xml
356 45. http://www.gentoo.org/news/ja/gwn/gwn.xml
357 46. http://www.gentoo.org/news/it/gwn/gwn.xml
358 47. http://www.gentoo.org/news/pl/gwn/gwn.xml
359 48. http://www.gentoo.org/news/br/gwn/gwn.xml
360 49. http://www.gentoo.org/news/pt/gwn/gwn.xml
361 50. http://www.gentoo.org/news/ru/gwn/gwn.xml
362 51. http://www.gentoo.org/news/es/gwn/gwn.xml
363 52. http://www.gentoo.org/news/tr/gwn/gwn.xml
364
365 Yuji Carlos Kosugi <carlos@g.o> - Editor
366 AJ Armstrong <aja@×××××××××××××.com> - Contributor
367 Brian Downey <bdowney@×××××××××××.net> - Contributor
368 Kurt Lieber <klieber@g.o> - Contributor
369 David Narayan <david@×××××××.net> - Contributor
370 Ulrich Plate <plate@g.o> - Contributor
371 Sven Vermeulen <swift@g.o> - Contributor
372 Simon Holm Thagersen <simon@××××××.net> - Danish Translation
373 Jesper Brodersen <broeman@g.o> - Danish Translation
374 Arne Mejlholm <aaby@g.o> - Danish Translation
375 Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
376 Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
377 Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
378 Peter ter Borg <peter@××××××.nl> - Dutch Translation
379 Jochen Maes <linux@××××.be> - Dutch Translation
380 Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
381 Gerard van den Berg <gerard@××××××.net> - Dutch Translation
382 Matthieu Montaudouin <mat@××××××××.com> - French Translation
383 Xavier Neys <neysx@g.o> - French Translation
384 Martin Prieto <riverdale@×××××××××.org> - French Translation
385 Antoine Raillon <cabec2@××××××.net> - French Translation
386 Sebastien Cevey <seb@×××××.net> - French Translation
387 Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
388 Thomas Raschbacher <lordvan@g.o> - German Translation
389 Steffen Lassahn <madeagle@g.o> - German Translation
390 Matthias F. Brandstetter <haim@g.o> - German Translation
391 Lukas Domagala <Cyrik@g.o> - German Translation
392 Tobias Scherbaum <dertobi123@g.o> - German Translation
393 Daniel Gerholdt <Sputnik1969@g.o> - German Translation
394 Marc Herren <dj-submerge@g.o> - German Translation
395 Tobias Matzat <SirSeoman@g.o> - German Translation
396 Marco Mascherpa <mush@××××××.net> - Italian Translation
397 Claudio Merloni <paper@×××××××.it> - Italian Translation
398 Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
399 Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
400 Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation
401 Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation
402 Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation
403 Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
404 Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation
405 Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation
406 Karol Goralski <gooroo@××××××.pl> - Polish Translation
407 Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese
408 (Brazil) Translation
409 Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
410 Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil)
411 Translation
412 Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese
413 (Brazil) Translation
414 Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil)
415 Translation
416 Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese
417 (Brazil) Translation
418 Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
419 Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil)
420 Translation
421 Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal)
422 Translation
423 Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal)
424 Translation
425 Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
426 Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
427 Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
428 Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
429 Sergey Galkin <gals_home@××××.ru> - Russian Translator
430 Sergey Kuleshov <svyatogor@g.o> - Russian Translator
431 Alex Spirin <asp13@××××.ru> - Russian Translator
432 Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
433 Lanark <lanark@××××××××××.ar> - Spanish Translation
434 Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
435 Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
436 Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
437 Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
438 Jes??s Garc??a Crespo <correo@××××××.com> - Spanish Translation
439 Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
440 Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
441 Sergio G??mez <s3r@××××××××××××.ar> - Spanish Translation
442 Aycan Irican <aycan@××××××××.tr> - Turkish Translation
443 Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
444 Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
445 Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
446 Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
447 Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation