1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of 14 August 2006. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo news |
9 |
============== |
10 |
|
11 |
Linux World Conference and Expo - San Francisco |
12 |
----------------------------------------------- |
13 |
|
14 |
The Linux World Conference and Expo[1] kicks off this week in San |
15 |
Francisco. As usual, Gentoo will have a booth in the '.Org Pavillion'. |
16 |
The |
17 |
booth will be located between the GNOME and KDE projects. Gentoo will |
18 |
be |
19 |
showing the upcoming 2006.1 release as well as several architectures. |
20 |
This |
21 |
is a good opportunity to meet several Gentoo developers from across the |
22 |
United States. |
23 |
|
24 |
1. http://www.linuxworldexpo.com/live/12/events/12SFO06A |
25 |
|
26 |
The Expo floor is open from 15 August 2006 through 17 August 2006. |
27 |
|
28 |
OSL Rackathon |
29 |
------------- |
30 |
|
31 |
The Oregon State University Open Source Lab[2] is conducting a |
32 |
fundraiser, |
33 |
called Rackathon[3], to raise money for the project. The OSL hosts a |
34 |
large |
35 |
portion of the Gentoo infrastructure, several developer boxes, and |
36 |
provides the primary Gentoo mirror. They also host many other open |
37 |
source |
38 |
projects. Gentoo was the OSL's first client and is among the largest. |
39 |
Money raised will help cover the costs of this free hosting as well as |
40 |
other costs incurred by the project. Donations of 20 USD gets your name |
41 |
on |
42 |
a rack in the OSL for an entire year! |
43 |
|
44 |
2. http://osuosl.org |
45 |
3. http://osuosl.org/contribute/rackathon |
46 |
|
47 |
Donations to the OSL will help fund further Gentoo hosting and many |
48 |
other |
49 |
open source projects. |
50 |
|
51 |
PyBugz - Python interface to Bugzilla |
52 |
------------------------------------- |
53 |
|
54 |
Gentoo developer Alastair Tse[4] has created a Python-based command |
55 |
line |
56 |
interface to the Bugzilla issue tracking system. First conceived as a |
57 |
tool |
58 |
to speed up the workflow for Gentoo developers, PyBugz[5] has been |
59 |
tested |
60 |
on the XenSource and GNOME Bugzilla trackers, also. |
61 |
|
62 |
4. liquidx@g.o |
63 |
5. http://www.liquidx.net |
64 |
|
65 |
Gentoo users can install PyBugz by simply using emerge pybugz. |
66 |
|
67 |
====================== |
68 |
2. Gentoo in the press |
69 |
====================== |
70 |
|
71 |
Linux.com (11 Aug 2006) |
72 |
----------------------- |
73 |
|
74 |
Linux.com[6] has published an article, entitled 'Gentoo Portage |
75 |
Secrets[7]'. The article gives some helpful hints on how to utilize new |
76 |
features in portage 2.1 to optimize your Gentoo usage. |
77 |
|
78 |
6. http://www.linux.com |
79 |
7. http://www.linux.com/article.pl?sid=06/08/07/1952207 |
80 |
|
81 |
========================= |
82 |
3. Gentoo developer moves |
83 |
========================= |
84 |
|
85 |
Moves |
86 |
----- |
87 |
|
88 |
The following developers recently left the Gentoo project: |
89 |
|
90 |
* none this week |
91 |
|
92 |
Adds |
93 |
---- |
94 |
|
95 |
The following developers recently joined the Gentoo project: |
96 |
|
97 |
* none this week |
98 |
|
99 |
Changes |
100 |
------- |
101 |
|
102 |
The following developers recently changed roles within the Gentoo |
103 |
project: |
104 |
|
105 |
* none this week |
106 |
|
107 |
================== |
108 |
4. Gentoo security |
109 |
================== |
110 |
|
111 |
x11vnc: Authentication bypass in included LibVNCServer code |
112 |
----------------------------------------------------------- |
113 |
|
114 |
VNC servers created with x11vnc accept insecure protocol types, even |
115 |
when |
116 |
the server does not offer it, resulting in the possibility of |
117 |
unauthorized |
118 |
access to the server. |
119 |
|
120 |
For more information, please see the GLSA Announcement[8] |
121 |
|
122 |
8. http://www.gentoo.org/security/en/glsa/glsa-200608-12.xml |
123 |
|
124 |
ClamAV: Heap buffer overflow |
125 |
---------------------------- |
126 |
|
127 |
ClamAV is vulnerable to a heap-based buffer overflow resulting in a |
128 |
Denial |
129 |
of Service and potentially remote execution of arbitrary code. |
130 |
|
131 |
For more information, please see the GLSA Announcement[9] |
132 |
|
133 |
9. http://www.gentoo.org/security/en/glsa/glsa-200608-13.xml |
134 |
|
135 |
DUMB: Heap buffer overflow |
136 |
-------------------------- |
137 |
|
138 |
A heap-based buffer overflow in DUMB could result in the execution of |
139 |
arbitrary code. |
140 |
|
141 |
For more information, please see the GLSA Announcement[10] |
142 |
|
143 |
10. http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml |
144 |
|
145 |
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities |
146 |
------------------------------------------------------------------- |
147 |
|
148 |
Some applications shipped with MIT Kerberos 5 are vulnerable to local |
149 |
privilege escalation. |
150 |
|
151 |
For more information, please see the GLSA Announcement[11] |
152 |
|
153 |
11. http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml |
154 |
|
155 |
Warzone 2100 Resurrection: Multiple buffer overflows |
156 |
---------------------------------------------------- |
157 |
|
158 |
Warzone 2100 Resurrection server and client are vulnerable to separate |
159 |
buffer overflows, potentially allowing remote code execution. |
160 |
|
161 |
For more information, please see the GLSA Announcement[12] |
162 |
|
163 |
12. http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml |
164 |
|
165 |
libwmf: Buffer overflow vulnerability |
166 |
------------------------------------- |
167 |
|
168 |
libwmf is vulnerable to an integer overflow potentially resulting in |
169 |
the |
170 |
execution of arbitrary code. |
171 |
|
172 |
For more information, please see the GLSA Announcement[13] |
173 |
|
174 |
13. http://www.gentoo.org/security/en/glsa/glsa-200608-17.xml |
175 |
|
176 |
Net::Server: Format string vulnerability |
177 |
---------------------------------------- |
178 |
|
179 |
A format string vulnerability has been reported in Net::Server which |
180 |
can |
181 |
be exploited to cause a Denial of Service. |
182 |
|
183 |
For more information, please see the GLSA Announcement[14] |
184 |
|
185 |
14. http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml |
186 |
|
187 |
WordPress: Privilege escalation |
188 |
------------------------------- |
189 |
|
190 |
A flaw in WordPress allows registered WordPress users to elevate |
191 |
privileges. |
192 |
|
193 |
For more information, please see the GLSA Announcement[15] |
194 |
|
195 |
15. http://www.gentoo.org/security/en/glsa/glsa-200608-19.xml |
196 |
|
197 |
=========== |
198 |
5. Bugzilla |
199 |
=========== |
200 |
|
201 |
Summary |
202 |
------- |
203 |
|
204 |
* Statistics |
205 |
* Closed bug ranking |
206 |
* New bug rankings |
207 |
|
208 |
Statistics |
209 |
---------- |
210 |
|
211 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[16]) to record and |
212 |
track bugs, notifications, suggestions and other interactions with the |
213 |
development team. Between 06 August 2006 and 13 August 2006, activity |
214 |
on |
215 |
the site has resulted in: |
216 |
|
217 |
16. http://bugs.gentoo.org |
218 |
|
219 |
* 780 new bugs during this period |
220 |
* 385 bugs closed or resolved during this period |
221 |
* 32 previously closed bugs were reopened this period |
222 |
|
223 |
Of the 10879 currently open bugs: 47 are labeled 'blocker', 138 are |
224 |
labeled 'critical', and 539 are labeled 'major'. |
225 |
|
226 |
Closed bug rankings |
227 |
------------------- |
228 |
|
229 |
The developers and teams who have closed the most bugs during this |
230 |
period |
231 |
are: |
232 |
|
233 |
* Gentoo Security[17], with 29 closed bugs[18] |
234 |
* Gentoo Games[19], with 17 closed bugs[20] |
235 |
* Portage team[21], with 16 closed bugs[22] |
236 |
* GNU Emacs Herd[23], with 15 closed bugs[24] |
237 |
* AMD64 Project[25], with 15 closed bugs[26] |
238 |
* Xavier Neys[27], with 14 closed bugs[28] |
239 |
* Michal Januszewski[29], with 11 closed bugs[30] |
240 |
* Perl Devs @ Gentoo[31], with 11 closed bugs[32] |
241 |
17. security@g.o |
242 |
18. |
243 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=security@g.o |
244 |
19. games@g.o |
245 |
20. |
246 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=games@g.o |
247 |
21. dev-portage@g.o |
248 |
22. |
249 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=dev-portage@g.o |
250 |
23. emacs@g.o |
251 |
24. |
252 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=emacs@g.o |
253 |
25. amd64@g.o |
254 |
26. |
255 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=amd64@g.o |
256 |
27. neysx@g.o |
257 |
28. |
258 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=neysx@g.o |
259 |
29. spock@g.o |
260 |
30. |
261 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=spock@g.o |
262 |
31. perl@g.o |
263 |
32. |
264 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=perl@g.o |
265 |
|
266 |
|
267 |
New bug rankings |
268 |
---------------- |
269 |
|
270 |
The developers and teams who have been assigned the most new bugs |
271 |
during |
272 |
this period are: |
273 |
|
274 |
* Default Assignee for New Packages[33], with 46 new bugs[34] |
275 |
* AMD64 Project[35], with 14 new bugs[36] |
276 |
* Java team[37], with 12 new bugs[38] |
277 |
* Gentoo Linux Gnome Desktop Team[39], with 10 new bugs[40] |
278 |
* Default Assignee for Orphaned Packages[41], with 8 new bugs[42] |
279 |
* Gentoo KDE team[43], with 7 new bugs[44] |
280 |
* Perl Devs @ Gentoo[45], with 6 new bugs[46] |
281 |
* X11 External Driver Maintainers[47], with 5 new bugs[48] |
282 |
33. maintainer-wanted@g.o |
283 |
34. |
284 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=maintainer-wanted@g.o |
285 |
35. amd64@g.o |
286 |
36. |
287 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=amd64@g.o |
288 |
37. java@g.o |
289 |
38. |
290 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=java@g.o |
291 |
39. gnome@g.o |
292 |
40. |
293 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=gnome@g.o |
294 |
41. maintainer-needed@g.o |
295 |
42. |
296 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=maintainer-needed@g.o |
297 |
43. kde@g.o |
298 |
44. |
299 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=kde@g.o |
300 |
45. perl@g.o |
301 |
46. |
302 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=perl@g.o |
303 |
47. x11-drivers@g.o |
304 |
48. |
305 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=x11-drivers@g.o |
306 |
|
307 |
|
308 |
=============== |
309 |
6. GWN feedback |
310 |
=============== |
311 |
|
312 |
Please send us your feedback[49] and help make the GWN better. |
313 |
|
314 |
49. gwn-feedback@g.o |
315 |
|
316 |
=============================== |
317 |
7. GWN subscription information |
318 |
=============================== |
319 |
|
320 |
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to |
321 |
gentoo-gwn+subscribe@g.o. |
322 |
|
323 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to |
324 |
gentoo-gwn+unsubscribe@g.o from the e-mail address you are |
325 |
subscribed under. |
326 |
|
327 |
================== |
328 |
8. Other languages |
329 |
================== |
330 |
|
331 |
The Gentoo Weekly Newsletter is also available in the following |
332 |
languages: |
333 |
|
334 |
* Chinese (Simplified)[50] |
335 |
* Danish[51] |
336 |
* Dutch[52] |
337 |
* English[53] |
338 |
* German[54] |
339 |
* French[55] |
340 |
* Korean[56] |
341 |
* Japanese[57] |
342 |
* Italian[58] |
343 |
* Polish[59] |
344 |
* Portuguese (Brazil)[60] |
345 |
* Portuguese (Portugal)[61] |
346 |
* Russian[62] |
347 |
* Spanish[63] |
348 |
* Turkish[64] |
349 |
50. http://www.gentoo.org/news/zh_cn/gwn/gwn.xml |
350 |
51. http://www.gentoo.org/news/da/gwn/gwn.xml |
351 |
52. http://www.gentoo.org/news/nl/gwn/gwn.xml |
352 |
53. http://www.gentoo.org/news/en/gwn/gwn.xml |
353 |
54. http://www.gentoo.org/news/de/gwn/gwn.xml |
354 |
55. http://www.gentoo.org/news/fr/gwn/gwn.xml |
355 |
56. http://www.gentoo.org/news/ko/gwn/gwn.xml |
356 |
57. http://www.gentoo.org/news/ja/gwn/gwn.xml |
357 |
58. http://www.gentoo.org/news/it/gwn/gwn.xml |
358 |
59. http://www.gentoo.org/news/pl/gwn/gwn.xml |
359 |
60. http://www.gentoo.org/news/pt_br/gwn/gwn.xml |
360 |
61. http://www.gentoo.org/news/pt/gwn/gwn.xml |
361 |
62. http://www.gentoo.org/news/ru/gwn/gwn.xml |
362 |
63. http://www.gentoo.org/news/es/gwn/gwn.xml |
363 |
64. http://www.gentoo.org/news/tr/gwn/gwn.xml |
364 |
|
365 |
|
366 |
Ulrich Plate <plate@g.o> - Editor |
367 |
Chris Gianelloni <wolf31o2@g.o> - Author |
368 |
|
369 |
|
370 |
|
371 |
-- |
372 |
gentoo-gwn@g.o mailing list |