Gentoo Weekly Newsletter: 19 January 2008
1. Heard in the Community
Last Rites for the GWN
Gentoo's PR group recently announced that publication of the Gentoo Weekly Newsletter will be
stopped in favor of a new Gentoo Monthly Newsletter (GMN). This is the last edition of the GWN;
it covers only the statistics for activity during the period from 15 October to 21 December 2007.
2. Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
- Dawid Węgliński (cla) - net-irc, x86
- Marion Agé (titefleur) - French translation
- Elias Piping (pipping) - Gentoo/Alt
- Justin Bronder (jsbronder) - hp-cluster, sci
Changes
The following developers recently changed roles within the Gentoo project:
- Samuli Suominen (drac) joined the graphics herd
- Mark Loeser (halcy0n) joined the gcc-porting and toolchain herds
- Doug Klima (cardoe) joined the base-system herd
- Przemyslaw Maciag (troll) left the kde herd
- Marcelo Góes (vanquirius) left the kde herd
- Marius Mauch (genone) left the kde herd
- Markus Meier (maekke) joined the graphics herd
- Krzysiek Pawlik (nelchael) joined the kernel herd
- Łukasz Damentko (rane) joined Developer Relations
- Tony Vroon (chainsaw) joined the amd64 and hardened herds
3. Gentoo security
OpenSSL: Remote execution of arbitrary code
OpenSSL contains a vulnerability allowing execution of arbitrary code or a
Denial of Service.
For more information, please see the
GLSA Announcement
Opera: Multiple vulnerabilities
Opera contains multiple vulnerabilities, which may allow the execution of
arbitrary code.
For more information, please see the
GLSA Announcement
gFTP: Multiple vulnerabilities
Two buffer overflow vulnerabilities have been discovered in fsplib code
used in gFTP.
For more information, please see the
GLSA Announcement
OpenSSH: Security bypass
A flaw has been discovered in OpenSSH which could allow a local attacker to
bypass security restrictions.
For more information, please see the
GLSA Announcement
Gallery: Multiple vulnerabilities
The WebDAV and Reupload modules of Gallery contain multiple unspecified
vulnerabilities.
For more information, please see the
GLSA Announcement
Evolution: User-assisted remote execution of arbitrary code
The IMAP client of Evolution contains a vulnerability potentially leading
to the execution of arbitrary code.
For more information, please see the
GLSA Announcement
SiteBar: Multiple issues
Multiple issues have been identified in SiteBar that might allow execution
of arbitrary code and arbitrary file disclosure.
For more information, please see the
GLSA Announcement
Apache: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Apache, possibly resulting
in a Denial of Service or the disclosure of sensitive information.
For more information, please see the
GLSA Announcement
Python: User-assisted execution of arbitrary code
Multiple integer overflow vulnerabilities have been discovered in Python,
possibly resulting in the execution of arbitrary code or a Denial of
Service.
For more information, please see the
GLSA Announcement
libpng: Multiple Denials of Service
Several vulnerabilities in libpng may allow a remote attacker to crash
applications that handle untrusted images.
For more information, please see the
GLSA Announcement
MadWifi: Denial of Service
MadWifi does not correctly process beacon frames which can lead to a
remotely triggered Denial of Service.
For more information, please see the
GLSA Announcement
Mono: Buffer overflow
Mono's BigInteger implementation contains a buffer overflow vulnerability
that might lead to the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Nagios Plugins: Two buffer overflows
Two buffer overflow vulnerabilities in the Nagios Plugins might allow for
remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
Tomboy: User-assisted execution of arbitrary code
Tomboy doesn't properly handle environment variables, potentially allowing
a local attacker to execute arbitrary code.
For more information, please see the
GLSA Announcement
3proxy: Denial of Service
A vulnerability has been discovered in 3proxy, possibly resulting in a
Denial of Service.
For more information, please see the
GLSA Announcement
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Mozilla Firefox, SeaMonkey
and XULRunner, potentially allowing an attacker to compromise a user's system.
For more information, please see the
GLSA Announcement
FLAC: Buffer overflow
Multiple integer overflow vulnerabilities were found in FLAC possibly
allowing for the execution of arbitrary code.
For more information, please see the
GLSA Announcement
CUPS: Memory corruption
CUPS contains a boundary checking error that might lead to the execution of
arbitrary code.
For more information, please see the
GLSA Announcement
Ruby on Rails: Multiple vulnerabilities
Several vulnerabilities were found in Ruby on Rails allowing for file
disclosure and theft of user credentials.
For more information, please see the
GLSA Announcement
Cpio: Buffer overflow
GNU cpio contains a buffer overflow vulnerability, possibly resulting in a
Denial of Service.
For more information, please see the
GLSA Announcement
TikiWiki: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in TikiWiki, possibly
resulting in the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
Pioneers: Multiple Denials of Service
Two Denial of Service vulnerabilities were discovered in Pioneers.
For more information, please see the
GLSA Announcement
Bochs: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Bochs, possibly allowing
for the execution of arbitrary code or a Denial of Service.
For more information, please see the
GLSA Announcement
Poppler, KDE: User-assisted execution of arbitrary code
Poppler and various KDE components are vulnerable to multiple memory
management issues possibly resulting in the execution of arbitrary code.
For more information, please see the
GLSA Announcement
VMware Workstation and Player: Multiple vulnerabilities
VMware guest operating systems might be able to execute arbitrary code with
elevated privileges on the host operating system through multiple flaws.
For more information, please see the
GLSA Announcement
Mozilla Thunderbird: Multiple vulnerabilities
Multiple vulnerabilities have been reported in Mozilla Thunderbird, which
may allow user-assisted arbitrary remote code execution.
For more information, please see the
GLSA Announcement
MySQL: Denial of Service
A Denial of Service vulnerability was found in MySQL.
For more information, please see the
GLSA Announcement
teTeX: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in teTeX, possibly allowing an
attacker to execute arbitrary code or overwrite arbitrary files.
For more information, please see the
GLSA Announcement
Link Grammar: User-assisted execution of arbitrary code
A buffer overflow vulnerability has been discovered in Link Grammar.
For more information, please see the
GLSA Announcement
Perl: Buffer overflow
A buffer overflow in the Regular Expression engine in Perl possibly allows
for the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Samba: Execution of arbitrary code
Samba contains two buffer overflow vulnerabilities potentially resulting in
the execution of arbitrary code.
For more information, please see the
GLSA Announcement
PCRE: Multiple vulnerabilities
PCRE is vulnerable to multiple buffer overflow and memory corruption
vulnerabilities, possibly leading to the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Net-SNMP: Denial of Service
A Denial of Service vulnerability has been discovered in Net-SNMP when
processing GETBULK requests.
For more information, please see the
GLSA Announcement
Feynmf: Insecure temporary file creation
A vulnerability has been discovered in Feynmf allowing local users to
overwrite arbitrary files via a symlink attack.
For more information, please see the
GLSA Announcement
nss_ldap: Information disclosure
A race condition might lead to theft of user credentials or information
disclosure in services using nss_ldap.
For more information, please see the
GLSA Announcement
CSTeX: Multiple vulnerabilities
Multiple vulnerabilities were discovered in CSTeX, possibly allowing an
attacker to execute arbitrary code or overwrite arbitrary files.
For more information, please see the
GLSA Announcement
Hugin: Insecure temporary file creation
A vulnerability has been discovered in Hugin, potentially allowing for a
Denial of Service.
For more information, please see the
GLSA Announcement
Cacti: SQL injection
An SQL injection vulnerability has been discovered in Cacti.
For more information, please see the
GLSA Announcement
GNU Emacs: Multiple vulnerabilities
Two vulnerabilities were found in GNU Emacs possibly leading to the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
Cairo: User-assisted execution of arbitrary code
Multiple integer overflows were discovered in Cairo, possibly leading to
the execution of arbitrary code.
For more information, please see the
GLSA Announcement
PEAR::MDB2: Information disclosure
A vulnerability when handling database input in PEAR::MDB2 allows remote
attackers to obtain sensitive information.
For more information, please see the
GLSA Announcement
Firebird: Multiple buffer overflows
Multiple stack-based buffer overflows were discovered in Firebird.
For more information, please see the
GLSA Announcement
Lookup: Insecure temporary file creation
Lookup uses temporary files in an insecure manner, allowing for a symlink
attack.
For more information, please see the
GLSA Announcement
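The Feynmf, Hugin and Lookup advisories above share one root cause: the program opens a file at a predictable name in a shared directory, and a local attacker who has already planted a symlink at that name redirects the write to a file of their choosing (or, by planting a regular file, simply makes the program fail, which is the Denial of Service variant). The C program below is an added illustration of that attack and its fixes; it is not code from any of those packages or from the GLSAs, and every path, file name and function name in it is an assumption made for the demonstration. It builds the whole scenario in a scratch directory it creates itself: unsafe_tmp_is_hijacked shows the victim file being overwritten through the planted link, safe_tmp_refuses_symlink shows O_EXCL together with O_NOFOLLOW refusing the open, and mkstemp_is_private shows the idiomatic fix of letting mkstemp() pick an unpredictable name.

```c
/* Added illustration of the symlink attack behind the Feynmf, Hugin and Lookup
 * advisories; not code from those packages. Paths and names are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define VICTIM_CONTENT "original contents"            /* constructed sample data */
#define PAYLOAD        "written by the victim program" /* constructed sample data */

struct scenario { char dir[128], victim[160], link[160]; };

/* A scratch directory owned by us (so fs.protected_symlinks does not interfere),
 * a victim file the "attacker" wants clobbered, and the attacker's symlink at
 * the predictable temp name app.tmp pointing at that victim. */
static int setup(struct scenario *s)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    snprintf(s->dir, sizeof s->dir, "%s/symlink-demo-XXXXXX", base);
    if (!mkdtemp(s->dir)) return -1;
    snprintf(s->victim, sizeof s->victim, "%s/victim", s->dir);
    snprintf(s->link, sizeof s->link, "%s/app.tmp", s->dir);
    int fd = open(s->victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, VICTIM_CONTENT, strlen(VICTIM_CONTENT));
    close(fd);
    if (n < 0) return -1;
    return symlink(s->victim, s->link);   /* the attacker plants the link */
}

static int read_all(const char *path, char *buf, size_t sz)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sz - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

static void teardown(const struct scenario *s)
{
    unlink(s->link); unlink(s->victim); rmdir(s->dir);
}

/* Vulnerable pattern: fixed name, O_CREAT without O_EXCL, symlinks followed.
 * Returns 1 if the write went through the link and replaced the victim. */
int unsafe_tmp_is_hijacked(void)
{
    struct scenario s; char buf[64];
    if (setup(&s) < 0) return -1;
    int fd = open(s.link, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) { ssize_t n = write(fd, PAYLOAD, strlen(PAYLOAD)); (void)n; close(fd); }
    int hijacked = read_all(s.victim, buf, sizeof buf) == 0 && strcmp(buf, PAYLOAD) == 0;
    teardown(&s);
    return hijacked;
}

/* Hardened pattern: O_EXCL makes the open fail if anything (a symlink included)
 * already exists at the path; O_NOFOLLOW additionally refuses a symlink as the
 * final component. Returns 1 if the open was refused and the victim is intact. */
int safe_tmp_refuses_symlink(void)
{
    struct scenario s; char buf[64];
    if (setup(&s) < 0) return -1;
    int fd = open(s.link, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    int refused = fd < 0 && (errno == EEXIST || errno == ELOOP);
    if (fd >= 0) close(fd);
    int intact = read_all(s.victim, buf, sizeof buf) == 0 && strcmp(buf, VICTIM_CONTENT) == 0;
    teardown(&s);
    return refused && intact;
}

/* Preferred fix: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL and mode 0600 in one step, so there is no name to pre-plant.
 * Returns 1 if the file is private (0600) and the XXXXXX template was filled in. */
int mkstemp_is_private(void)
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char tmpl[160];
    snprintf(tmpl, sizeof tmpl, "%s/app-XXXXXX", base);
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    struct stat st;
    int ok = fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600 && !strstr(tmpl, "XXXXXX");
    close(fd);
    unlink(tmpl);
    return ok;
}

int main(void)
{
    printf("unsafe open hijacked through symlink:  %d\n", unsafe_tmp_is_hijacked());
    printf("O_EXCL|O_NOFOLLOW refused the symlink: %d\n", safe_tmp_refuses_symlink());
    printf("mkstemp produced a private file:       %d\n", mkstemp_is_private());
    return 0;
}
```

Build with a plain `cc symlink-demo.c -o symlink-demo` (the file name is an assumption) and run it as an unprivileged user. Two caveats worth keeping in mind when auditing a package for this bug class: O_EXCL alone already refuses to create over an existing symlink on POSIX systems, so O_NOFOLLOW is defence in depth rather than the fix, and neither flag helps when the attacker pre-creates a regular file at the predictable name, in which case the program fails instead of writing, which is exactly the Denial of Service the Hugin advisory describes. Only an unpredictable name, as mkstemp() or mkdtemp() provide, removes the attacker's ability to race the creation at all.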
AMD64 x86 emulation Qt library: Multiple vulnerabilities
Multiple vulnerabilities in the AMD64 x86 emulation Qt library may lead to
the remote execution of arbitrary code in Qt applications.
For more information, please see the
GLSA Announcement
Ruby-GNOME2: Format string error
A format string error has been discovered in Ruby-GNOME2, possibly leading
to the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Samba: Execution of arbitrary code
Samba contains a buffer overflow vulnerability potentially resulting in the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
Portage: Information disclosure
Portage may disclose sensitive information when updating configuration
files.
For more information, please see the
GLSA Announcement
IRC Services: Denial of Service
A Denial of Service vulnerability has been reported in IRC Services.
For more information, please see the
GLSA Announcement
E2fsprogs: Multiple buffer overflows
Multiple heap-based buffer overflows in E2fsprogs could result in the
execution of arbitrary code.
For more information, please see the
GLSA Announcement
CUPS: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in CUPS, allowing for the
remote execution of arbitrary code and a Denial of Service.
For more information, please see the
GLSA Announcement
4. Gentoo package moves
This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be removed
in the future. The package removals come from many locations, including the Treecleaners and various developers. Most
packages which are listed under the Last Rites section are in need of some love
and care and can remain in the tree if proper maintainership is established.
Removals:
Additions:
Last Rites
5. Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 15 October 2007
and 21 December 2007, activity on the site has resulted in:
- 4671 new bugs during this period
- 2779 bugs closed or resolved during this period
- 104 previously closed bugs were reopened this period
- 818 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
- 740 bugs marked as duplicates during this period
Of the 10008 currently open bugs: 13 are labeled 'blocker', 102 are labeled
'critical', and 326 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this
period are:
6. GMN feedback
We solicit feedback from the community on the transition from the GWN to the GMN.
Please get in touch with us at gmn-feedback@gentoo.org with your
ideas on what the GMN should look like. The GMN relies on members of the
community to write articles for it. If you are interested in writing for the
GMN, send email to gmn-writers@gentoo.org.
7. GMN subscription information
To subscribe to the Gentoo Monthly Newsletter, send a blank e-mail to
gentoo-gmn+subscribe@gentoo.org. Note that existing
subscribers to the GWN will continue receiving the monthly newsletter,
no re-subscription is required.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org from the e-mail address
you are subscribed under.