Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 27 March 2006
Date: Mon, 27 Mar 2006 06:28:31
Message-Id: 20060327075855.32550e4c.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 27 March 2006.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo news
9 ==============
10
11 Security team recruiting campaign
12 ---------------------------------
13
14 Security has always been one of the Gentoo project's strongest aspects. To
15 prevent the quality of GLSAs from dropping, the security team has started
16 to actively look for additional help among existing and future developers.
17 This recruitment campaign aims to address the problems that can delay
18 the fixing of security bugs, such as missing or inactive package
19 maintainers and a lack of GLSA coordinators. Other areas
20 that need more support are the KISS project (kernel security advisory
21 system) and glsa-check integration into Portage. If you're able and
22 willing to help with any of these security-related issues, please contact
23 one of the following project/subproject leaders:
24
25 * GLSA team: Sune Kloppenborg Jeppesen[1] or Stefan Cornelius[2] (who
26 replaces Thierry Carrez as operational co-lead)
27 * Kernel team: Tim Yamin[3]
28 * Audit team: Tavis Ormandy[4]
29 1. jaervosz@g.o
30 2. dercorny@g.o
31 3. plasmaroo@g.o
32 4. taviso@g.o
33
34
35 Note: See the latest security team meeting report for more details.
36
37 Bugzilla category change for the installer project
38 --------------------------------------------------
39
40 The maintainers of bugs.gentoo.org[5] have removed the old "Gentoo Linux
41 Installer" (GLI) component inside the "Gentoo Linux" category. Instead
42 they have added an "Installer" component as a "Gentoo Release Media"
43 subcategory. All the old bugs are already reassigned, and if you would
44 like to file a bug regarding the installer, please use the new component!
45
46 5. http://bugs.gentoo.org
47
48 Ruby on Rails 1.1 RC1 hits Portage
49 ----------------------------------
50
51 The first release candidate of Ruby on Rails[6] 1.1 is now in Portage. For
52 users running ~arch, it will add the new versions to their gem
53 installations without removing the old ones. They will be able to make use
54 of the new version, and can still lock their code to the old version if
55 they need to. The Portage versions all end in .4008, which represents
56 upstream's subversion repository commit number for the 1.1_RC1 release.
57
58 6. http://www.rubyonrails.com
59
60 Users who are interested in trying out the new versions are encouraged to
61 do so, and file bugs to either Gentoo[7] or http://dev.rubyonrails.org[8]
62 as appropriate. Those who want to lock their existing Rails applications
63 to a specific version can see the following URLs for information on
64 how to do so:
65
66 7. http://bugs.gentoo.org
67 8. http://dev.rubyonrails.org
68
69 * RC 1 announcement[9]
70 * How to lock to specific Rails versions[10]
71 9.
72 http://weblog.rubyonrails.com/articles/2006/03/22/rails-1-1-release-candidate-1-available
73 10.
74 http://wiki.rubyonrails.com/rails/pages/HowtoLockToSpecificRailsVersions
75
76
77 =========================
78 2. Heard in the community
79 =========================
80
81 Web forums
82 ----------
83
84 Timezone down under
85
86 Gentoo's timezone data was not updated in time for the timezone change
87 made for the Commonwealth Games, held in Australia until the end of
88 March. Several Australian states postponed the usual changeover from
89 daylight saving time until 2 April. To keep clocks from being an hour
90 off for a whole week, check this thread:
91
92 * Newb: How to patch for Commonwealth Games DST[11]
93 11. http://forums.gentoo.org/viewtopic-t-423456.html
94
95
96 Suddenly the dungeon collapses
97
98 Are games in Gentoo inherently unsafe? A recently discovered vulnerability
99 in NetHack (GLSA 200603-23, see below) has sparked this lively debate. The
100 flaw isn't in NetHack itself, though: it comes from the way Gentoo installs
101 games under the shared games group, and no other distribution was affected.
102 Should we find a new way to handle the games group? Join the debate!
103
104 * Gentoo games group leads to security hole - big surprise(!)[12]
105 12. http://forums.gentoo.org/viewtopic-t-446415.html
106
107
108 ======================
109 3. Gentoo in the press
110 ======================
111
112 ZDNet France (20 March 2006, in French)
113 ---------------------------------------
114
115 "Renaissance"[13] is the title of an animated movie by Christian Volckman
116 set in the year 2054 in Paris. A young scientist is being kidnapped, and
117 an obscure police officer is trying to get her back. While real human
118 actors were involved in the making of this "animated Matrix", it was
119 merely to capture their movements and have those transformed into
120 computer-generated black-and-white images -- rendered entirely on a
121 cluster of 200 Gentoo Linux servers. The French ZDNet website clearly
122 thought this was worth an article[14], which is based on an interview with
123 Julien Doussot, a technical director of "Attitude Studio"[15], the
124 creative team behind the scenes. In cinemas in France since last week.
125
126 13. http://www.renaissance-lefilm.com
127 14. http://www.zdnet.fr/actualites/informatique/0,39040745,39332299,00.htm
128 15. http://www.attitude-studio.com
129
130 Newsforge (21 March 2006)
131 -------------------------
132
133 "A distro of power"[16] is what Joseph Quigley calls Gentoo Linux in his
134 testimonial, published last Tuesday as the latest addition to Newsforge's
135 "My Desktop OS" mini-series. In spite of using Gentoo on what he calls a
136 "low-end system," he was impressed that he "could watch a DVD and compile
137 KDE simultaneously with few interruptions or glitches." There are those
138 who'd disagree on his 1.58GHz Sempron 2300 with 512MB of RAM being on the
139 low end of things, but then again: "If you have a higher-end system, you
140 won't be disappointed either," says Quigley.
141
142 16. http://os.newsforge.com/os/06/03/15/228227.shtml
143
144 =========================
145 4. Gentoo developer moves
146 =========================
147
148 Moves
149 -----
150
151 The following developers recently left the Gentoo project:
152
153 * None this week
154
155 Adds
156 ----
157
158 The following developers recently joined the Gentoo project:
159
160 * None this week
161
162 Changes
163 -------
164
165 The following developers recently changed roles within the Gentoo project:
166
167 * Thierry Carrez (koon) - stepped down as operational security co-lead
168 * Stefan Cornelius (DerCorny) - new operational security co-lead
169
170 ==================
171 5. Gentoo Security
172 ==================
173
174 PeerCast: Buffer overflow
175 -------------------------
176
177 PeerCast is vulnerable to a buffer overflow that may lead to the execution
178 of arbitrary code.
179
180 For more information, please see the GLSA Announcement[17]
181
182 17. http://www.gentoo.org/security/en/glsa/glsa-200603-17.xml
183
184 Pngcrush: Buffer overflow
185 -------------------------
186
187 Pngcrush is vulnerable to a buffer overflow which could potentially lead
188 to the execution of arbitrary code.
189
190 For more information, please see the GLSA Announcement[18]
191
192 18. http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
193
194 cURL/libcurl: Buffer overflow in the handling of TFTP URLs
195 ----------------------------------------------------------
196
197 libcurl is affected by a buffer overflow in the handling of URLs for the
198 TFTP protocol, which could be exploited to compromise a user's system.
199
200 For more information, please see the GLSA Announcement[19]
201
202 19. http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml
203
204 Macromedia Flash Player: Arbitrary code execution
205 -------------------------------------------------
206
207 Multiple vulnerabilities have been identified that allow arbitrary code
208 execution on a user's system through the handling of malicious SWF files.
209
210 For more information, please see the GLSA Announcement[20]
211
212 20. http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml
213
214 Sendmail: Race condition in the handling of asynchronous signals
215 ----------------------------------------------------------------
216
217 Sendmail is vulnerable to a race condition which could lead to the
218 execution of arbitrary code with sendmail privileges.
219
220 For more information, please see the GLSA Announcement[21]
221
222 21. http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
223
224 PHP: Format string and XSS vulnerabilities
225 ------------------------------------------
226
227 Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary
228 HTTP headers, perform cross-site scripting or, in some cases, execute
229 arbitrary code.
230
231 For more information, please see the GLSA Announcement[22]
232
233 22. http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
234
235 NetHack, Slash'EM, Falcon's Eye: Local privilege escalation
236 -----------------------------------------------------------
237
238 NetHack, Slash'EM and Falcon's Eye are vulnerable to local privilege
239 escalation vulnerabilities that could potentially allow the execution of
240 arbitrary code as other users.
241
242 For more information, please see the GLSA Announcement[23]
243
244 23. http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml
245
246 RealPlayer: Buffer overflow vulnerability
247 -----------------------------------------
248
249 RealPlayer is vulnerable to a buffer overflow that could lead to remote
250 execution of arbitrary code.
251
252 For more information, please see the GLSA Announcement[24]
253
254 24. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml
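The eight advisories above are only useful if you check your own system
against them. The script below is an added example written for this edit; it
is not part of the GWN and not part of gentoolkit. It takes the GLSA
reference lines printed in this issue (copied into the script as a
constructed sample), extracts the advisory identifiers, and hands them to
glsa-check from app-portage/gentoolkit, which reads the GLSA files in the
Portage tree to learn which package versions each advisory requires. The
gwn_* function names are this example's own. On a machine without
glsa-check it only prints the command it would run.

```shell
#!/bin/sh
# Added example, not from the GWN or from gentoolkit: turn this issue's GLSA
# references into a glsa-check run.  The reference list below is a constructed
# sample copied from the advisory URLs printed above; the gwn_* function
# names are this example's own.

# Constructed sample: the eight GLSA reference lines printed in this issue.
GWN_GLSA_REFS='17. http://www.gentoo.org/security/en/glsa/glsa-200603-17.xml
18. http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
19. http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml
20. http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml
21. http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
22. http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
23. http://www.gentoo.org/security/en/glsa/glsa-200603-23.xml
24. http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml'

# Pull the advisory identifier (YYYYMM-NN) out of each reference URL,
# one per line.  Lines without a glsa-...xml URL are dropped.
gwn_glsa_ids() {
    printf '%s\n' "$GWN_GLSA_REFS" |
        sed -n 's/.*glsa-\([0-9]\{6\}-[0-9]\{2\}\)\.xml.*/\1/p'
}

# Number of identifiers found: a sanity check before running anything.
gwn_glsa_count() {
    set -- $(gwn_glsa_ids)
    echo "$#"
}

# Build the glsa-check command line for one of its modes:
#   -t  test whether this system is affected by the listed advisories
#   -p  pretend: show which package versions -f would emerge
#   -f  fix: emerge the updated packages
# Nothing here hard-codes a package version; glsa-check takes the
# required versions from the GLSA files in the Portage tree.
gwn_glsa_cmd() {
    mode="$1"
    set -- $(gwn_glsa_ids)
    echo "glsa-check -$mode $*"
}

# Run the test mode when glsa-check is installed; otherwise just show the
# command so the example also runs on a non-Gentoo box.
gwn_glsa_run() {
    if command -v glsa-check >/dev/null 2>&1; then
        # shellcheck disable=SC2046
        glsa-check -t $(gwn_glsa_ids)
    else
        echo "glsa-check not installed; would run: $(gwn_glsa_cmd t)"
    fi
}

gwn_glsa_run
```

Passing explicit identifiers limits the check to this issue's advisories;
`glsa-check -t all` tests every GLSA in the tree, and `glsa-check -p
affected` followed by `glsa-check -f affected` previews and then applies the
updates for everything your system is actually affected by. Review the -p
output before running -f, since the fix is a regular emerge of the listed
packages.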
255
256 ===========
257 6. Bugzilla
258 ===========
259
260 Statistics
261 ----------
262
263 The Gentoo community uses Bugzilla (bugs.gentoo.org[25]) to record and
264 track bugs, notifications, suggestions and other interactions with the
265 development team. Between 19 March 2006 and 26 March 2006, activity on the
266 site has resulted in:
267
268 25. http://bugs.gentoo.org
269
270 * 832 new bugs during this period
271 * 481 bugs closed or resolved during this period
272 * 27 previously closed bugs were reopened this period
273
274 Of the 9756 currently open bugs: 66 are labeled 'blocker', 150 are labeled
275 'critical', and 536 are labeled 'major'.
276
277 Closed bug rankings
278 -------------------
279
280 The developers and teams who have closed the most bugs during this period
281 are:
282
283 * Gentoo Games[26], with 47 closed bugs[27]
284 * Gentoo Linux Gnome Desktop Team[28], with 21 closed bugs[29]
285 * Gentoo X-windows packagers[30], with 19 closed bugs[31]
286 * AMD64 Project[32], with 18 closed bugs[33]
287 * X11 External Driver Maintainers[34], with 14 closed bugs[35]
288 * Gentoo's Team for Core System packages[36], with 13 closed bugs[37]
289 * Gentoo KDE team[38], with 12 closed bugs[39]
290 * Gentoo Security[40], with 11 closed bugs[41]
291 26. games@g.o
292 27.
293 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=games@g.o
294 28. gnome@g.o
295 29.
296 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=gnome@g.o
297 30. x11@g.o
298 31.
299 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=x11@g.o
300 32. amd64@g.o
301 33.
302 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=amd64@g.o
303 34. x11-drivers@g.o
304 35.
305 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=x11-drivers@g.o
306 36. base-system@g.o
307 37.
308 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=base-system@g.o
309 38. kde@g.o
310 39.
311 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=kde@g.o
312 40. security@g.o
313 41.
314 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-03-19&chfieldto=2006-03-26&resolution=FIXED&assigned_to=security@g.o
315
316
317 New bug rankings
318 ----------------
319
320 The developers and teams who have been assigned the most new bugs during
321 this period are:
322
323 * Default Assignee for New Packages[42], with 32 new bugs[43]
324 * AMD64 Project[44], with 14 new bugs[45]
325 * Gentoo's Team for Core System packages[46], with 11 new bugs[47]
326 * Gentoo Sound Team[48], with 10 new bugs[49]
327 * Default Assignee for Orphaned Packages[50], with 10 new bugs[51]
328 * Gentoo Science Related Packages[52], with 7 new bugs[53]
329 * media-video herd[54], with 7 new bugs[55]
330 * Gentoo Toolchain Maintainers[56], with 6 new bugs[57]
331 42. maintainer-wanted@g.o
332 43.
333 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=maintainer-wanted@g.o
334 44. amd64@g.o
335 45.
336 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=amd64@g.o
337 46. base-system@g.o
338 47.
339 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=base-system@g.o
340 48. sound@g.o
341 49.
342 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=sound@g.o
343 50. maintainer-needed@g.o
344 51.
345 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=maintainer-needed@g.o
346 52. sci@g.o
347 53.
348 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=sci@g.o
349 54. media-video@g.o
350 55.
351 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=media-video@g.o
352 56. toolchain@g.o
353 57.
354 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-03-19&chfieldto=2006-03-26&assigned_to=toolchain@g.o
355
356
357 ===============
358 7. GWN feedback
359 ===============
360
361 Please send us your feedback[58] and help make the GWN better.
362
363 58. gwn-feedback@g.o
364
365 ===============================
366 8. GWN subscription information
367 ===============================
368
369 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
370 gentoo-gwn+subscribe@g.o.
371
372 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
373 gentoo-gwn+unsubscribe@g.o from the email address you are
374 subscribed under.
375
376 ==================
377 9. Other languages
378 ==================
379
380 The Gentoo Weekly Newsletter is also available in the following languages:
381
382 * Danish[59]
383 * Dutch[60]
384 * English[61]
385 * German[62]
386 * French[63]
387 * Korean[64]
388 * Japanese[65]
389 * Italian[66]
390 * Polish[67]
391 * Portuguese (Brazil)[68]
392 * Portuguese (Portugal)[69]
393 * Russian[70]
394 * Spanish[71]
395 * Turkish[72]
396 59. http://www.gentoo.org/news/da/gwn/gwn.xml
397 60. http://www.gentoo.org/news/nl/gwn/gwn.xml
398 61. http://www.gentoo.org/news/en/gwn/gwn.xml
399 62. http://www.gentoo.org/news/de/gwn/gwn.xml
400 63. http://www.gentoo.org/news/fr/gwn/gwn.xml
401 64. http://www.gentoo.org/news/ko/gwn/gwn.xml
402 65. http://www.gentoo.org/news/ja/gwn/gwn.xml
403 66. http://www.gentoo.org/news/it/gwn/gwn.xml
404 67. http://www.gentoo.org/news/pl/gwn/gwn.xml
405 68. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
406 69. http://www.gentoo.org/news/pt/gwn/gwn.xml
407 70. http://www.gentoo.org/news/ru/gwn/gwn.xml
408 71. http://www.gentoo.org/news/es/gwn/gwn.xml
409 72. http://www.gentoo.org/news/tr/gwn/gwn.xml
410
411
412 Ulrich Plate <plate@g.o> - Editor
413 Andrew Gaffney <agaffney@g.o> - Author
414 Curtis Napier <curtis119@g.o> - Author
415 Caleb Tennis <caleb@g.o> - Author
416 --
417 gentoo-gwn@g.o mailing list