Gentoo Weekly Newsletter: 26 March 2007
1.
Developer of the Week
Developer of the week: Daniel Drake (dsd)
Figure 1.1: Daniel Drake, aka dsd
Twenty-year-old Daniel Drake is a member of the
Gentoo Linux kernel team and is in the middle of getting a Computer Science
master's degree. He's studying at the University of Manchester, UK, but this
year, Daniel is doing an industrial placement working for Brontes Technologies
in the US. Brontes is building a handheld 3D medical imaging device based on
Gentoo Linux and using some custom software. You can find info about them at
http://www.brontes3d.com.
Daniel started using Linux around March 1999, but then suddenly dropped it. In
2003, he started using it again and in 2004 he started developing. Gentoo
developer Seemant Kulleen mentored him
during that time. Although we all know of Daniel's work as a kernel developer,
he didn't actually start in the Gentoo Linux kernel development team. Daniel
used to develop GNOME and Mono, which he still does when he finds the time. At
the moment, Daniel is handling 2.6 kernel bugs, kernel maintenance in Gentoo
Linux and working on 2 projects: drivers for USB-WLAN adapters, and reverse
engineering Microsoft fingerprint scanning devices.
Daniel likes music a lot. His taste mostly revolves around non-mainstream rock,
such as The Beta Band, Mogwai and Soulwax. Though Daniel doesn't have a lot of
free time, he often enjoys his student life by going out and reading a good
book. He also likes to go to conferences, and organized the Gentoo UK event
last year.
When Daniel fires up his desktop, he uses: GNOME, vim, git, Mozilla Firefox,
audacious, Mozilla Thunderbird and irssi.
2.
Gentoo International
Germany, Gentoo Village, Berlin
Instead of holding another Gentoo Summer Camp this year, there will be a Gentoo
Village at Chaos Communication Camp 2007. The Chaos Communication Camp runs from
8 August to 12 August at Finow airport in Berlin. All Gentoo users can camp
together at the Gentoo Village, a small part of the camping ground. If you need
more details on the CCC, you can look at the blog. Video documentation of the
CCC 2003 is also provided.
A program focusing on Gentoo is planned, but not yet ready. If you want to
contribute, e.g. by giving a talk, please write about it in the Wiki.
3.
Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
- Anant Narayanan (anant) PHP
- Bernard Cafarelli (voyageur) NX
- Antoine Raillon (cab) perl
Changes
The following developers recently changed roles within the Gentoo project:
4.
Gentoo security
Note:
Due to a mistake by the GWN staff, last week's security report was empty. The
report this week has last week's and this week's data.
Amarok: User-assisted remote execution of arbitrary code
The Magnatune component shipped with Amarok is vulnerable to the injection
of arbitrary shell code from a malicious Magnatune server.
For more information, please see the
GLSA Announcement
SILC Server: Denial of Service
SILC Server is affected by a Denial of Service vulnerability.
For more information, please see the
GLSA Announcement
SSH Communications Security's Secure Shell Server: SFTP privilege escalation
The SSH Secure Shell Server SFTP function is vulnerable to privilege
escalation.
For more information, please see the
GLSA Announcement
Asterisk: SIP Denial of Service
Asterisk is vulnerable to Denial of Service in the SIP channel.
For more information, please see the
GLSA Announcement
PostgreSQL: Multiple vulnerabilities
PostgreSQL contains two vulnerabilities that could result in a Denial of
Service or unauthorized access to certain information.
For more information, please see the
GLSA Announcement
Apache JK Tomcat Connector: Remote execution of arbitrary code
The Apache Tomcat Connector (mod_jk) contains a buffer overflow
vulnerability that could result in the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
ulogd: Remote execution of arbitrary code
ulogd contains a possible buffer overflow potentially allowing for the
remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
Mozilla Thunderbird: Multiple vulnerabilities
Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
which may allow user-assisted arbitrary remote code execution.
For more information, please see the
GLSA Announcement
LTSP: Authentication bypass in included LibVNCServer code
LTSP includes a version of libVNCServer that is vulnerable to an
authentication bypass.
For more information, please see the
GLSA Announcement
LSAT: Insecure temporary file creation
LSAT insecurely creates temporary files which can lead to symlink attacks
allowing a local user to overwrite arbitrary files.
For more information, please see the
GLSA Announcement
PHP: Multiple vulnerabilities
PHP contains several vulnerabilities including a heap buffer overflow,
potentially leading to the remote execution of arbitrary code under certain
conditions.
For more information, please see the
GLSA Announcement
Mozilla Network Security Service: Remote execution of arbitrary code
The Mozilla Network Security Services libraries are vulnerable to two
buffer overflows that could result in the remote execution of arbitrary
code.
For more information, please see the
GLSA Announcement
WordPress: Multiple vulnerabilities
WordPress contains several cross-site scripting, cross-site request forgery
and information leak vulnerabilities.
For more information, please see the
GLSA Announcement
5.
Gentoo package moves
This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be removed
in the future. The package removals come from many locations, including the Treecleaners and various developers. Most
packages which are listed under the Last Rites section are in need of some love
and care and can remain in the tree if proper maintainership is established.
Removals:
Additions:
Last Rites:
6.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 18 March 2007
and 25 March 2007, activity on the site has resulted in:
- 552 new bugs during this period
- 372 bugs closed or resolved during this period
- 18 previously closed bugs were reopened this period
- 107 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
- 80 bugs marked as duplicates during this period
Of the 10246 currently open bugs: 17 are labeled 'blocker', 102 are labeled
'critical', and 403 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this
period are:
7.
GWN feedback
The GWN is staffed by volunteers and members of the community who submit ideas
and articles. If you are interested in writing for the GWN, have feedback on an
article that we have posted, or just have an idea or article that you would
like to submit to the GWN, please send us your feedback and help make the GWN
better.
8.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org
from the e-mail address you are subscribed under.
9.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: