Gentoo Weekly Newsletter: 14 May 2007

1. Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

Hubert Mercier (anigel)

Adds

The following developers recently joined the Gentoo project:

none this week

Changes

The following developers recently changed roles within the Gentoo project:

none this week

2. Gentoo security

Lighttpd: Two Denials of Service

Two vulnerabilities have been discovered in Lighttpd, each allowing for a Denial of Service.

For more information, please see the GLSA Announcement

GIMP: Buffer overflow

GIMP is vulnerable to a buffer overflow which may lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

IPsec-Tools: Denial of Service

IPsec-Tools contains a vulnerability that allows a remote attacker to crash the IPsec tunnel.

For more information, please see the GLSA Announcement

LibXfont, TightVNC: Multiple vulnerabilities

Multiple vulnerabilities have been reported in libXfont and TightVNC, allowing for the execution of arbitrary code with root privileges.

For more information, please see the GLSA Announcement

MySQL: Two Denial of Service vulnerabilities

Two Denial of Service vulnerabilities have been discovered in MySQL.

For more information, please see the GLSA Announcement

PostgreSQL: Privilege escalation

PostgreSQL contains a vulnerability that could result in SQL privilege escalation.

For more information, please see the GLSA Announcement

ImageMagick: Multiple buffer overflows

Multiple integer overflows have been discovered in ImageMagick allowing for the execution of arbitrary code.

For more information, please see the GLSA Announcement

XScreenSaver: Privilege escalation

XScreenSaver allows local users to bypass authentication under certain configurations.

For more information, please see the GLSA Announcement

3. Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package:	Removal date:	Contact:
net-misc/libupnp	07 May 2007	Bjarke Istrup Pedersen
www-misc/nscache	07 May 2007	Raúl Porcel
www-misc/nsopenssl	07 May 2007	Raúl Porcel
www-misc/nssha1	07 May 2007	Raúl Porcel
www-misc/nsxml	07 May 2007	Raúl Porcel
www-servers/aolserver	07 May 2007	Raúl Porcel
app-emulation/tiger	07 May 2007	Raúl Porcel
sys-apps/evkeyd	07 May 2007	Raúl Porcel
media-libs/libuta	07 May 2007	Raúl Porcel
net-misc/cipe	07 May 2007	Raúl Porcel
app-text/biblestudy	07 May 2007	Raúl Porcel
net-wireless/orinoco	10 May 2007	Stefan Schweizer
xfce-base/libxfce4menu	11 May 2007	Samuli Suominen
net-misc/aria	11 May 2007	Raúl Porcel
mail-client/mahogany	11 May 2007	Bryan Østergaard
media-sound/DBMix	11 May 2007	Steve Dibb
sys-cluster/openpbs	12 May 2007	Donnie Berkholz
dev-java/jdbc3-postgresql	12 May 2007	Petteri Räty

Additions:

Package:	Addition date:	Contact:
net-im/openfire	07 May 2007	Gustavo Felisberto
dev-java/xmlgraphics-commons	07 May 2007	Vlastimil Babka
dev-java/xsd2jibx	07 May 2007	Vlastimil Babka
dev-java/simplyhtml	07 May 2007	Vlastimil Babka
x11-plugins/pidgin-otr	07 May 2007	Timothy Redaelli
app-admin/apache-tools	07 May 2007	Christian Heim
net-libs/libupnp	07 May 2007	Bjarke Istrup Pedersen
app-vim/securemodelines	07 May 2007	Mike Kelly
app-doc/repodoc	07 May 2007	Jose Luis Rivero
app-vim/vcscommand	08 May 2007	Mike Kelly
dev-libs/gnulib	08 May 2007	Timothy Redaelli
dev-java/jlayer	08 May 2007	Petteri Räty
games-puzzle/xphotohunter	08 May 2007	Alfredo Tupone
dev-perl/Gearman	09 May 2007	Robin H. Johnson
dev-perl/Gearman-Server	09 May 2007	Robin H. Johnson
dev-perl/Gearman-Client-Async	09 May 2007	Robin H. Johnson
dev-perl/Perlbal-XS-HTTPHeaders	09 May 2007	Robin H. Johnson
dev-util/tig	09 May 2007	Greg KH
media-sound/jtagger	09 May 2007	Petteri Räty
x11-plugins/pidgin-encryption	09 May 2007	Olivier Crete
app-vim/vimball	09 May 2007	Mike Kelly
dev-perl/IO-AIO	09 May 2007	Robin H. Johnson
net-wireless/orinoco-sn	10 May 2007	Stefan Schweizer
net-wireless/orinoco-usb	10 May 2007	Stefan Schweizer
games-board/openyahtzee	11 May 2007	Alfredo Tupone
net-wireless/bluez-gnome	11 May 2007	Petteri Räty
dev-util/giggle	11 May 2007	Saleem Abdulrasool
media-libs/amrnb	12 May 2007	Steve Dibb
media-libs/amrwb	12 May 2007	Steve Dibb
app-portage/himerge	13 May 2007	Luis Francisco Araujo
games-board/ascal	13 May 2007	Alfredo Tupone
sys-power/powertop	13 May 2007	Stefan Schweizer

Last Rites:

Package:	Removal date:	Contact:
dev-java/jswat	9 June 2007	Petteri Räty
app-vim/sudo	9 June 2007	Mike Kelly
net-www/mod_bandwidth	14 June 2007	Luca Longinotti
net-www/mod_gzip	14 June 2007	Luca Longinotti
net-www/mod_mp3	14 June 2007	Luca Longinotti
net-www/mod_ssl	14 June 2007	Luca Longinotti
net-www/mod_throttle	14 June 2007	Luca Longinotti
www-apache/mod_backhand	14 June 2007	Luca Longinotti
www-apache/mod_lisp	14 June 2007	Luca Longinotti
www-misc/libapreq	14 June 2007	Luca Longinotti

4. Bugzilla

Summary

Statistics
Closed bug ranking
New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 06 May 2007 and 13 May 2007, activity on the site has resulted in:

670 new bugs during this period
437 bugs closed or resolved during this period
27 previously closed bugs were reopened this period
167 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
100 bugs marked as duplicates during this period

Of the 10023 currently open bugs: 12 are labeled 'blocker', 112 are labeled 'critical', and 354 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

Python Gentoo Team, with 37 closed bugs
Gentoo Release Team, with 21 closed bugs
Mobile Herd, with 17 closed bugs
Java team, with 17 closed bugs
Gentoo Security, with 16 closed bugs
Xavier Neys, with 12 closed bugs
Davide Cendron, with 11 closed bugs
Gentoo KDE team, with 11 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

Default Assignee for New Packages, with 21 new bugs
AMD64 Project, with 19 new bugs
Gentoo's Team for Core System packages, with 12 new bugs
Alec Warner, with 10 new bugs
PHP Bugs, with 6 new bugs
Default Assignee for Orphaned Packages, with 6 new bugs
Netmon Herd, with 5 new bugs
Net-Mail Packages, with 5 new bugs

5. GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

6. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

7. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

Page updated May 14, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 14 May 2007.

Chris Gianelloni
Editor

Peter Weller
Author

Donate to support our development efforts.