Gentoo Weekly Newsletter: 14 August 2006

1.  Gentoo news

Linux World Conference and Expo - San Francisco

The Linux World Conference and Expo kicks off this week in San Francisco. As usual, Gentoo will have a booth in the '.Org Pavillion'. The booth will be located between the GNOME and KDE projects. Gentoo will be showing the upcoming 2006.1 release as well as several architectures. This is a good opportunity to meet several Gentoo developers from across the United States.

The Expo floor is open from 15 August 2006 through 17 August 2006.

OSL Rackathon

The Oregon State University Open Source Lab is conducting a fundraiser, called Rackathon, to raise money for the project. The OSL hosts a large portion of the Gentoo infrastructure, several developer boxes, and provides the primary Gentoo mirror. They also host many other open source projects. Gentoo was the OSL's first client and is among the largest. Money raised will help cover the costs of this free hosting as well as other costs incurred by the project. Donations of 20 USD gets your name on a rack in the OSL for an entire year!

Donations to the OSL will help fund further Gentoo hosting and many other open source projects.

PyBugz - Python interface to Bugzilla

Gentoo developer Alastair Tse has created a Python-based command line interface to the Bugzilla issue tracking system. First conceived as a tool to speed up the workflow for Gentoo developers, PyBugz has been tested on the XenSource and GNOME Bugzilla trackers, also.

Gentoo users can install PyBugz by simply using emerge pybugz.

2.  Gentoo in the press

Linux.com (11 Aug 2006)

Linux.com has published an article, entitled 'Gentoo Portage Secrets'. The article gives some helpful hints on how to utilize new features in portage 2.1 to optimize your Gentoo usage.

3.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

• none this week

Adds

The following developers recently joined the Gentoo project:

• none this week

Changes

The following developers recently changed roles within the Gentoo project:

• none this week

4.  Gentoo security

x11vnc: Authentication bypass in included LibVNCServer code

VNC servers created with x11vnc accept insecure protocol types, even when the server does not offer it, resulting in the possibility of unauthorized access to the server.

For more information, please see the GLSA Announcement

ClamAV: Heap buffer overflow

ClamAV is vulnerable to a heap-based buffer overflow resulting in a Denial of Service and potentially remote execution of arbitrary code.

For more information, please see the GLSA Announcement

DUMB: Heap buffer overflow

A heap-based buffer overflow in DUMB could result in the execution of arbitrary code.

For more information, please see the GLSA Announcement

MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Some applications shipped with MIT Kerberos 5 are vulnerable to local privilege escalation.

For more information, please see the GLSA Announcement

Warzone 2100 Resurrection: Multiple buffer overflows

Warzone 2100 Resurrection server and client are vulnerable to separate buffer overflows, potentially allowing remote code execution.

For more information, please see the GLSA Announcement

libwmf: Buffer overflow vulnerability

libwmf is vulnerable to an integer overflow potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Net::Server: Format string vulnerability

A format string vulnerability has been reported in Net::Server which can be exploited to cause a Denial of Service.

For more information, please see the GLSA Announcement

WordPress: Privilege escalation

A flaw in WordPress allows registered WordPress users to elevate privileges.

For more information, please see the GLSA Announcement

5.  Bugzilla

Summary

• Statistics
• Closed bug ranking
• New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 06 August 2006 and 13 August 2006, activity on the site has resulted in:

• 780 new bugs during this period
• 385 bugs closed or resolved during this period
• 32 previously closed bugs were reopened this period

Of the 10879 currently open bugs: 47 are labeled 'blocker', 138 are labeled 'critical', and 539 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

• Gentoo Security, with 29 closed bugs
• Gentoo Games, with 17 closed bugs
• Portage team, with 16 closed bugs
• GNU Emacs Herd, with 15 closed bugs
• AMD64 Project, with 15 closed bugs
• Xavier Neys, with 14 closed bugs
• Michal Januszewski, with 11 closed bugs
• Perl Devs @ Gentoo, with 11 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

• Default Assignee for New Packages, with 46 new bugs
• AMD64 Project, with 14 new bugs
• Java team, with 12 new bugs
• Gentoo Linux Gnome Desktop Team, with 10 new bugs
• Default Assignee for Orphaned Packages, with 8 new bugs
• Gentoo KDE team, with 7 new bugs
• Perl Devs @ Gentoo, with 6 new bugs
• X11 External Driver Maintainers, with 5 new bugs

6.  GWN feedback

Please send us your feedback and help make the GWN better.

7.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

8.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Chinese (Simplified)
• Danish
• Dutch
• English
• German
• French
• Korean
• Japanese
• Italian
• Polish
• Portuguese (Brazil)
• Portuguese (Portugal)
• Russian
• Spanish
• Turkish