Gentoo Weekly Newsletter: 29 January 2007
1.
Gentoo News
Xfce 4.4 released
After several months of development, Xfce released version 4.4 last week. It
was quickly added to the tree by Gentoo's Xfce
team. The panel plugins and extra utilities have been updated, and some
new applications have been added for 4.4. Use xfce-base/xfce4-extras to
get them all, or choose the ones you want from the xfce-extra/ category.
Also, Peter Weller has been testing this
release on Gentoo/FreeBSD and it seems to work pretty well, except for some
programs which need minor fixing.
Second anniversary of Gentoo Forum Netherlands
On January 22nd, the Gentoo Forum Netherlands celebrated its 2nd anniversary.
Started on January 22nd, 2005, GFN has grown into a community with more than
175 registered members. Forum questions are devotedly investigated, replied to and
followed until they are resolved. It is not only the advanced users' questions
that are being answered, but questions from newcomers and
the-not-so-battle-hardened users are investigated with the same amount of
interest.
However, serious work must be enlightened by humour, games and chats. And that
is the other bright side of GFN. The high number of posts (4572) in the Coffee
Corner proves there are frequent sessions of chatting about non-serious
subjects. Also, since a few weeks ago, GFN has had its own Unreal Tournament
server, which is used often by the regular visitors. With this balance we
spread the Gentoo spirit within a linguistic area counting 20 million people.
To find out more about Gentoo Forum Netherlands or to join, visit
http://gentoo-forum.nl.
2.
Heard in the community
planet.gentoo.org
Gatt beta released
Arch testers' workload has been greatly eased, now that Matthias Langer's gatt program has been
released. gatt helps with handling stabilization and keywording bugs.
Interested people can always join an arch-team IRC channel (such as #gentoo-x86)
to help out as an arch tester. All arch-teams can be found on the base project
page.
New PS3 stages on mirrors
This week, the Gentoo
Linux for PS3 development team released a new stage4 tarball. It's
available for download on the mirrors, as are the snapshots used to build the
stage4 repository.
3.
Gentoo International
USA: SCALE 5x, Los Angeles, CA
That's right! SCALE 5x is coming up quickly. The event runs February 10 through
February 11th. Don't miss out on two mini-conferences held on the 9th, Women
in Open Source and Open Source Healthcare.
You can find Gentoo at booth
#63. Our development team is glad to present the following list of
developers that will be attending:
| Name | Nickname |
| --- | --- |
| Steve Arnold | nerdboy |
| Christel Dahlskjaer | christel |
| Steve Dibb | beandog |
| Mike Doty | kingtaco |
| Joshua Jackson | tsunam |
| Peter Johanson | latexer |
| Stephanie J. Lockwood-Childs | wormo |
| Elfyn McBratney | beu |
| Daniel Ostrow | dostrow |
| Joshua Saddler | nightmorph |
| David Shakaryan | omp |
| Chris White | chriswhite |
| Nicholas D. Wolfwood | blackace |
Some of the developers will also be attending a live showing of Rocky Horror
Picture Show on Saturday night, February 10.
Questions? Mail scale@gentoo.org, or ask the developers in person
at SCALE. ;)
4.
Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
- Matthew Kennedy (mkennedy)
Adds
The following developers recently joined the Gentoo project:
Changes
The following developers recently changed roles within the Gentoo project:
5.
Gentoo security
Fetchmail: Denial of Service and password disclosure
Fetchmail has been found to have numerous vulnerabilities allowing for
Denial of Service and password disclosure.
For more information, please see the
GLSA Announcement
Mod_auth_kerb: Denial of Service
Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial
of Service.
For more information, please see the
GLSA Announcement
Sun JDK/JRE: Multiple vulnerabilities
Multiple unspecified vulnerabilities have been identified in Sun Java
Development Kit (JDK) and Java Runtime Environment (JRE).
For more information, please see the
GLSA Announcement
Adobe Acrobat Reader: Multiple vulnerabilities
Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
Service, and cross-site scripting attacks.
For more information, please see the
GLSA Announcement
libgtop: Privilege escalation
libgtop improperly handles filenames, possibly allowing for the execution
of arbitrary code.
For more information, please see the
GLSA Announcement
xine-ui: Format string vulnerabilities
xine-ui improperly handles format strings, possibly allowing for the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
OpenLDAP: Insecure usage of /tmp during installation
A shell script commonly released with OpenLDAP makes insecure usage of
files in /tmp during the emerge process.
For more information, please see the
GLSA Announcement
Centericq: Remote buffer overflow in LiveJournal handling
Centericq does not properly handle communications with the LiveJournal
service, allowing for the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
MIT Kerberos 5: Arbitrary Remote Code Execution
Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
Squid: Multiple Denial of Service vulnerabilities
Two vulnerabilities have been found in Squid which make it susceptible to
Denial of Service attacks.
For more information, please see the
GLSA Announcement
Cacti: Command execution and SQL injection
Cacti has three vulnerabilities that could allow shell command execution or
SQL injection.
For more information, please see the
GLSA Announcement
VLC media player: Format string vulnerability
VLC media player improperly handles format strings, allowing for the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
X.Org X server: Multiple vulnerabilities
Sean Larsson from iDefense Labs has found multiple vulnerabilities in the
DBE and Render extensions.
For more information, please see the
GLSA Announcement
6.
Gentoo package moves
This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be removed
in the future. The package removals come from many locations, including the Treecleaners and various developers. Most
packages which are listed under the Last Rites section are in need of some love
and care and can remain in the tree if proper maintainership is established.
Removals:
Additions:
Last Rites:
7.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 21 January 2007
and 28 January 2007, activity on the site has resulted in:
- 754 new bugs during this period
- 455 bugs closed or resolved during this period
- 31 previously closed bugs were reopened this period
- 170 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
- 137 bugs marked as duplicates during this period
Of the 10729 currently open bugs: 19 are labeled 'blocker', 106 are labeled
'critical', and 454 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this
period are:
8.
GWN feedback
The GWN is staffed by volunteers and members of the community who submit ideas
and articles. If you are interested in writing for the GWN, have feedback on an
article that we have posted, or just have an idea or article that you would
like to submit to the GWN, please send us your feedback and help make the GWN
better.
9.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org
from the e-mail address you are subscribed under.
10.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: