Gentoo Logo

Gentoo Weekly Newsletter: 29 January 2007

Content:

1.  Gentoo News

Xfce 4.4 released

After several months of development, Xfce released version 4.4 last week. It was quickly added to the tree by Gentoo's Xfce team. The panel plugins and extra utilities have been updated, and some new applications have been added for 4.4. Use xfce-base/xfce4-extras to get them all, or choose the ones you want from the xfce-extra/ category.

Also, Peter Weller has been testing this release on Gentoo/FreeBSD and it seems to work pretty well, except for some programs which need minor fixing.

Second anniversary of Gentoo Forum Netherlands

On January 22nd, the Gentoo Forum Netherlands celebrated its 2nd anniversary. Started on January 22nd, 2005, GFN has grown into a community with more than 175 registred members. Forum questions are devotedly investigated, replied and followed until they are resolved. It is not only the advanced users' questions that are being answered, but questions from newcomers and the-not-so-battle-hardened users are investigated with the same amount of interest.

However, serious work must be enlightened by humour, games and chats. And that is the other bright side of GFN. The high number of posts (4572) in the Coffee Corner proves there are frequent sessions of chatting about non-serious subjects. Also, since a few weeks ago, GFN has had its own Unreal Tournament server, which is used often by the regular visitors. With this balance we spread the Gentoo spirit within a linguistic area counting 20 million people.

To find out more about Gentoo Forum Netherlands or to join, visit http://gentoo-forum.nl.

2.  Heard in the community

planet.gentoo.org

Gatt beta released

Arch testers' workload has been greatly eased, now that Matthias Langer's gatt program has been released. gatt helps with handling stabilization and keywording bugs. Interested people can always join an arch-team IRC channel (such as #gentoo-x86) to help out as an arch tester. All arch-teams can be found on the base project page.

New PS3 stages on mirrors

This week, the Gentoo Linux for PS3 development team released a new stage4 tarball. It's available for download on the mirrors, as are the snapshots used to build the stage4 repository.

3.  Gentoo International

USA: SCALE 5x, Los Angeles, CA

That's right! SCALE 5x is coming up quickly. The event runs February 10 through February 11th. Don't miss out on two mini-conferences held on the 9th, Women in Open Source and Open Source Healthcare.

You can find Gentoo at booth #63. Our development team is glad to present you the following list of developers that will be attending:

Name Nickname
Steve Arnold nerdboy
Christel Dahlskjaer christel
Steve Dibb beandog
Mike Doty kingtaco
Joshua Jackson tsunam
Peter Johanson latexer
Stephanie J. Lockwood-Childs wormo
Elfyn McBratney beu
Daniel Ostrow dostrow
Joshua Saddler nightmorph
David Shakaryan omp
Chris White chriswhite
Nicholas D. Wolfwood blackace

Some of the developers will also attending a live showing of Rocky Horror Picture Show on Saturday night, February 10.

Questions? Mail scale@gentoo.org, or ask the developers in person at SCALE. ;)

4.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • Matthew Kennedy (mkennedy)

Adds

The following developers recently joined the Gentoo project:

  • none this week

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

5.  Gentoo security

Fetchmail: Denial of Service and password disclosure

Fetchmail has been found to have numerous vulnerabilities allowing for Denial of Service and password disclosure.

For more information, please see the GLSA Announcement

Mod_auth_kerb: Denial of Service

Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial of Service.

For more information, please see the GLSA Announcement

Sun JDK/JRE: Multiple vulnerabilities

Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE).

For more information, please see the GLSA Announcement

Adobe Acrobat Reader: Multiple vulnerabilities

Adobe Acrobat Reader is vulnerable to remote code execution, Denial of Service, and cross-site scripting attacks.

For more information, please see the GLSA Announcement

libgtop: Privilege escalation

libgtop improperly handles filenames, possibly allowing for the execution of arbitrary code.

For more information, please see the GLSA Announcement

xine-ui: Format string vulnerabilities

xine-ui improperly handles format strings, possibly allowing for the execution of arbitrary code.

For more information, please see the GLSA Announcement

OpenLDAP: Insecure usage of /tmp during installation

A shell script commonly released with OpenLDAP makes insecure usage of files in /tmp during the emerge process.

For more information, please see the GLSA Announcement

Centericq: Remote buffer overflow in LiveJournal handling

Centericq does not properly handle communications with the LiveJournal service, allowing for the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

MIT Kerberos 5: Arbitrary Remote Code Execution

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Squid: Multiple Denial of Service vulnerabilities

Two vulnerabilities have been found in Squid which make it susceptible to Denial of Service attacks.

For more information, please see the GLSA Announcement

Cacti: Command execution and SQL injection

Cacti has three vulnerabilities that could allow shell command execution or SQL injection.

For more information, please see the GLSA Announcement

VLC media player: Format string vulnerability

VLC media player improperly handles format strings, allowing for the execution of arbitrary code.

For more information, please see the GLSA Announcement

X.Org X server: Multiple vulnerabilities

Sean Larsson from iDefense Labs has found multiple vulnerabilities in the DBE and Render extensions.

For more information, please see the GLSA Announcement

6.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package: Removal date: Contact:
net-misc/bcm4400 23 Jan 2007 Daniel Drake
dev-lang/cm3 24 Jan 2007 Mike Frysinger
sys-apps/pcsc-ase-iiie-drv 24 Jan 2007 Alon Bar-Lev
media-libs/libmusepack 25 Jan 2007 Diego Pettenò
x11-themes/bmpx-themes 27 Jan 2007 Patrick McLean
media-libs/swfdec 27 Jan 2007 Raúl Porcel
dev-java/jakarta-tomcat-jasper 27 Jan 2007 William Thomson
app-emulation/i8086emu 28 Jan 2007 Denis Dupeyron
dev-ada/asis 28 Jan 2007 George Shapovalov
net-im/mercury-bin 28 Jan 2007 Gustavo Felisberto

Additions:

Package: Addition date: Contact:
app-text/gnochm 22 Jan 2007 Ryan Hill
app-portage/gatt-svn 23 Jan 2007 Christian Faulhammer
dev-perl/Sys-Statistics-Linux 23 Jan 2007 Michael Cummings
xfce-extra/xfce4-timer 23 Jan 2007 Peter Weller
dev-java/fontbox 24 Jan 2007 Petteri Räty
dev-scheme/scm 24 Jan 2007 Marijn Schouten
app-admin/pprocm 25 Jan 2007 Michael Cummings
dev-perl/GD-Barcode 25 Jan 2007 Christian Hartmann
dev-java/rundoc 25 Jan 2007 Petteri Räty
net-p2p/bitstormlite 26 Jan 2007 Raúl Porcel
dev-java/snip 26 Jan 2007 Petteri Räty
app-doc/linux-kernel-in-a-nutshell 26 Jan 2007 Mike Frysinger
net-p2p/dbhub 26 Jan 2007 Raúl Porcel
net-misc/tipcutils 26 Jan 2007 Gustavo Zacarias
dev-lang/xsb 28 Jan 2007 Keri Harris
x11-plugins/compiz-extra 28 Jan 2007 Hanno Boeck
media-libs/wxsvg 28 Jan 2007 Ryan Hill
app-text/searchmonkey 28 Jan 2007 Raúl Porcel
sys-fs/davl 28 Jan 2007 Raúl Porcel

Last Rites:

Package: Removal date: Contact:
mail-client/ximian-connector 24 Feb 07 Daniel Gryniewicz
net-misc/e100 24 Mar 07 Alec Warner

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 21 January 2007 and 28 January 2007, activity on the site has resulted in:

  • 754 new bugs during this period
  • 455 bugs closed or resolved during this period
  • 31 previously closed bugs were reopened this period
  • 170 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 137 bugs marked as duplicates during this period

Of the 10729 currently open bugs: 19 are labeled 'blocker', 106 are labeled 'critical', and 454 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated January 29, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 29 January 2007.

Chris Gianelloni
Editor

Ben de Groot
Author

Dimitry Bradt
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.