---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 20 February 2006.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
FOSDEM to open gates on Saturday
--------------------------------
Europe's finest and grandest open-source developer conference, FOSDEM,
will be held this coming weekend (25 and 26 February) in Brussels. Gentoo
has a booth in the exhibition area with various architectures on display
on both Saturday and Sunday. For the second year in a row, Gentoo will
underline its role in development with its own "devroom", featuring an
entire day of presentations by Gentoo developers, most of them open to the
public, except for an internal Gentoo dev meeting around lunch time. The
Gentoo Devroom will be held on Sunday, 26 February, and the schedule[1] --
subject to change on short notice, but reasonably stable as of today --
spans from 9:00 to 16:30 hours.
1. http://fosdem.org/2006/index/dev_room_gentoo/schedule
The European Gentoo devs are particularly happy about three overseas
visitors, release engineering lead and x86 release coordinator Chris
Gianelloni[2] and AMD64 developer Mike Doty[3] from the US, and CJK
maintainer Mamoru Komachi[4] from Japan will join their European
colleagues in the dev room.
2. wolf31o2@gentoo.org
3. kingtaco@gentoo.org
4. usata@gentoo.org
A social event for the Gentoo developers in Brussels is scheduled for
Saturday night, if you would like to participate in the dinner, please
send a message to organizer Patrick Lauer[5].
5. patrick@gentoo.org
Request for comments: Qmail to move on
--------------------------------------
The Qmail team is investigating ongoing maintenance of qmail in the
Portage tree, and moving towards netqmail. They are considering changing
their patching policy to move towards having a single large combined patch
which would be the result of merging all the existing patches used. In
attempting to undertake this, they are also interested in which of qmail's
functionality is unused and which ones are missing. The Qmail team is
investigating ongoing maintenance of qmail in the Portage tree, and moving
towards netqmail. They are considering changing their patching policy to
move towards having a single large combined patch which would be the
result of merging all the existing patches used.
In attempting to undertake this, they are also interested in which of
qmail's functionality is unused and which ones are missing.
* Do you use something other than qmail to handle the SMTP frontend?
Qsmtp, qpsmtp, mailfront? Additional scripts from qmail-spp?
* Are there any users of qmail-mysql at all? The last bug dates from late
2003. If there is no demand for the package, we wish to drop it from the
tree.
* Any users experienced with maintaining and modifying qmail-ldap? Please
contact them, since they need more qmail-ldap experience as the original
developer handling it has moved on.
Note: Please contact them at qmail-bugs@gentoo.org, they would love to
hear from you.
=========================
2. Heard in the community
=========================
gentoo-dev
----------
Berlios-hosted SRC_URI components
The Berlios project offers hosting for Open Source projects, including CVS
and file mirrors. After a restructuring of their (often overloaded)
servers the download source location has changed - direct URIs are no
longer used, instead a URI with a "magic key" is used. Also each download
tarball seems to have an extra "garbage" byte, effectively breaking
digests as they are used for Gentoo downloads. This means that as long as
Berlios does not change their policy all SRC_URIs in ebuilds need to be
changed and fetching files may fail due to digest mismatches. Discussion
is still ongoing as to how the situation should be handled.
* Berlios-hosted SRC_URI components [6]
6. http://thread.gmane.org/gmane.linux.gentoo.devel/36077
Bugzilla etiquette suggestions
As there are often incomplete or duplicate bugs filed on our bugzilla the
bugwranglers (the persons sorting and assigning bugs) sometimes respond in
ways that are perceived to be very negative by the person filing the bug.
Especially the INVALID bug resolution can often cause a very emotional
response. Daniel Drake[7] offers some suggestions for developers to avoid
unneeded conflicts with bugs, but the following discussion also has some
hints for users that wish to file bugs.
7. dsd@gentoo.org
* Bugzilla etiquette suggestions [8]
8. http://thread.gmane.org/gmane.linux.gentoo.devel/35968
Gentoo Council Meeting Summary (20060209)
The monthly meeting of the Gentoo Council happened on February 9th. The
only point on the regular agenda was GLEP 44 (Manifest2 support) which was
delayed until some technical issues are resolved.
* Gentoo Council Meeting Summary (20060209)[9]
9. http://thread.gmane.org/gmane.linux.gentoo.devel/35878
=======================
3. Gentoo international
=======================
UK: Kaboot, a Gentoo-based distribution
---------------------------------------
Kaboot[10] is a Gentoo-based Linux-LiveCD distribution. Currently
available in four flavours, Recovery, Lite, Science and -- just released
-- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you
can take anywhere with you and will boot any system. Development is
progressing steadily, and the author Hanni Ali[11] hopes to release the
first USB versions in early March. The ISOs of the currently available
versions vary in size from just over 80MB to around 550MB.
10. http://kaboot.ainkaboot.co.uk/
11. http://kaboot.ainkaboot.co.uk/contact.php
======================
4. Gentoo in the press
======================
Mactel Linux (16 February 2006)
-------------------------------
Various online media including Slashdot[12], engadget[13] and PC
Magazine[14] were quick to pick up the success story of Edgar Hucek's
Linux installation on one of the new Intel-driven Macintosh PCs, a 17"
iMac with dual core. "Using elilo and a modified Linux kernel, we can boot
from a USB hard disk on the 17" iMac Core Duo. We are using the hacked
vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can
compile the Linux kernel," states the project's website[15].
Congratulations!
12. http://linux.slashdot.org/article.pl?sid=06/02/16/2025243
13. http://cellphones.engadget.com/2006/02/16/linux-boots-on-intel-imacs/
14. http://www.pcmag.com/article2/0,1895,1928357,00.asp
15. http://www.mactel-linux.org
PC Web (7 February 2006, in Japanese)
-------------------------------------
Gentoo's BSD project got an honorable mention in one of Japan's most
important online computer magazines, PC Web. Quoting from a thread in the
BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as
using the best of both worlds: userland from Gentoo, kernel from FreeBSD.
Interesting even to those unable to read Japanese, the article carries
four screenshots of a working installation.
=========================
5. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* None this week
Adds
----
The following developers recently joined the Gentoo project:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
6. Gentoo Security
==================
Xpdf, Poppler: Heap overflow
----------------------------
Xpdf and Poppler are vulnerable to a heap overflow that may be exploited
to execute arbitrary code.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
KPdf: Heap based overflow
-------------------------
KPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
ImageMagick: Format string vulnerability
----------------------------------------
A vulnerability in ImageMagick allows attackers to crash the application
and potentially execute arbitrary code.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
Sun JDK/JRE: Applet privilege escalation
----------------------------------------
Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
adequately constrain applets from privilege escalation and arbitrary code
execution.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml
libtasn1, GNU TLS: Security flaw in DER decoding
------------------------------------------------
A flaw in the parsing of Distinguished Encoding Rules (DER) has been
discovered in libtasn1, potentially resulting in the execution of
arbitrary code.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
BomberClone: Remote execution of arbitrary code
-----------------------------------------------
BomberClone is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[21]
21. http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
GnuPG: Incorrect signature verification
---------------------------------------
Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.
For more information, please see the GLSA Announcement[22]
22. http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
===========
7. Bugzilla
===========
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 February 2006 and 19 February 2006, activity
on the site has resulted in:
23. http://bugs.gentoo.org
* 815 new bugs during this period
* 442 bugs closed or resolved during this period
* 28 previously closed bugs were reopened this period
Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled
'critical', and 526 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo Linux Gnome Desktop Team[24], with 17 closed bugs[25]
* Xavier Neys[26], with 15 closed bugs[27]
* Gentoo's Team for Core System packages[28], with 15 closed bugs[29]
* AMD64 Porting Team[30], with 13 closed bugs[31]
* Gentoo KDE team[32], with 12 closed bugs[33]
* Roy Marples[34], with 11 closed bugs[35]
* Daniel Goller[36], with 11 closed bugs[37]
* Gentoo Games[38], with 11 closed bugs[39]
24. gnome@gentoo.org
25.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=gnome@gentoo.org
26. neysx@gentoo.org
27.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=neysx@gentoo.org
28. base-system@gentoo.org
29.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=base-system@gentoo.org
30. amd64@gentoo.org
31.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=amd64@gentoo.org
32. kde@gentoo.org
33.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=kde@gentoo.org
34. uberlord@gentoo.org
35.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=uberlord@gentoo.org
36. morfic@gentoo.org
37.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=morfic@gentoo.org
38. games@gentoo.org
39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=games@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[40], with 29 new bugs[41]
* AMD64 Porting Team[42], with 14 new bugs[43]
* Perl Devs @ Gentoo[44], with 10 new bugs[45]
* Gentoo Sound Team[46], with 8 new bugs[47]
* media-video herd[48], with 7 new bugs[49]
* Default Assignee for Orphaned Packages[50], with 7 new bugs[51]
* Java team[52], with 6 new bugs[53]
* Gentoo X-windows packagers[54], with 5 new bugs[55]
40. maintainer-wanted@gentoo.org
41.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-wanted@gentoo.org
42. amd64@gentoo.org
43.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=amd64@gentoo.org
44. perl@gentoo.org
45.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=perl@gentoo.org
46. sound@gentoo.org
47.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=sound@gentoo.org
48. media-video@gentoo.org
49.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=media-video@gentoo.org
50. maintainer-needed@gentoo.org
51.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-needed@gentoo.org
52. java@gentoo.org
53.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=java@gentoo.org
54. x11@gentoo.org
55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=x11@gentoo.org
===============
8. GWN feedback
===============
Please send us your feedback[56] and help make the GWN better.
56. gwn-feedback@gentoo.org
===============================
9. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
10. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[57]
* Dutch[58]
* English[59]
* German[60]
* French[61]
* Korean[62]
* Japanese[63]
* Italian[64]
* Polish[65]
* Portuguese (Brazil)[66]
* Portuguese (Portugal)[67]
* Russian[68]
* Spanish[69]
* Turkish[70]
57. http://www.gentoo.org/news/da/gwn/gwn.xml
58. http://www.gentoo.org/news/nl/gwn/gwn.xml
59. http://www.gentoo.org/news/en/gwn/gwn.xml
60. http://www.gentoo.org/news/de/gwn/gwn.xml
61. http://www.gentoo.org/news/fr/gwn/gwn.xml
62. http://www.gentoo.org/news/ko/gwn/gwn.xml
63. http://www.gentoo.org/news/ja/gwn/gwn.xml
64. http://www.gentoo.org/news/it/gwn/gwn.xml
65. http://www.gentoo.org/news/pl/gwn/gwn.xml
66. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
67. http://www.gentoo.org/news/pt/gwn/gwn.xml
68. http://www.gentoo.org/news/ru/gwn/gwn.xml
69. http://www.gentoo.org/news/es/gwn/gwn.xml
70. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Robin H. Johnson <robbat2@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 20 February 2006.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
FOSDEM to open gates on Saturday
--------------------------------
Europe's finest and grandest open-source developer conference, FOSDEM,
will be held this coming weekend (25 and 26 February) in Brussels. Gentoo
has a booth in the exhibition area with various architectures on display
on both Saturday and Sunday. For the second year in a row, Gentoo will
underline its role in development with its own "devroom", featuring an
entire day of presentations by Gentoo developers, most of them open to the
public, except for an internal Gentoo dev meeting around lunch time. The
Gentoo Devroom will be held on Sunday, 26 February, and the schedule[1] --
subject to change on short notice, but reasonably stable as of today --
spans from 9:00 to 16:30 hours.
1. http://fosdem.org/2006/index/dev_room_gentoo/schedule
The European Gentoo devs are particularly happy about three overseas
visitors, release engineering lead and x86 release coordinator Chris
Gianelloni[2] and AMD64 developer Mike Doty[3] from the US, and CJK
maintainer Mamoru Komachi[4] from Japan will join their European
colleagues in the dev room.
2. wolf31o2@gentoo.org
3. kingtaco@gentoo.org
4. usata@gentoo.org
A social event for the Gentoo developers in Brussels is scheduled for
Saturday night, if you would like to participate in the dinner, please
send a message to organizer Patrick Lauer[5].
5. patrick@gentoo.org
Request for comments: Qmail to move on
--------------------------------------
The Qmail team is investigating ongoing maintenance of qmail in the
Portage tree, and moving towards netqmail. They are considering changing
their patching policy to move towards having a single large combined patch
which would be the result of merging all the existing patches used. In
attempting to undertake this, they are also interested in which of qmail's
functionality is unused and which ones are missing. The Qmail team is
investigating ongoing maintenance of qmail in the Portage tree, and moving
towards netqmail. They are considering changing their patching policy to
move towards having a single large combined patch which would be the
result of merging all the existing patches used.
In attempting to undertake this, they are also interested in which of
qmail's functionality is unused and which ones are missing.
* Do you use something other than qmail to handle the SMTP frontend?
Qsmtp, qpsmtp, mailfront? Additional scripts from qmail-spp?
* Are there any users of qmail-mysql at all? The last bug dates from late
2003. If there is no demand for the package, we wish to drop it from the
tree.
* Any users experienced with maintaining and modifying qmail-ldap? Please
contact them, since they need more qmail-ldap experience as the original
developer handling it has moved on.
Note: Please contact them at qmail-bugs@gentoo.org, they would love to
hear from you.
=========================
2. Heard in the community
=========================
gentoo-dev
----------
Berlios-hosted SRC_URI components
The Berlios project offers hosting for Open Source projects, including CVS
and file mirrors. After a restructuring of their (often overloaded)
servers the download source location has changed - direct URIs are no
longer used, instead a URI with a "magic key" is used. Also each download
tarball seems to have an extra "garbage" byte, effectively breaking
digests as they are used for Gentoo downloads. This means that as long as
Berlios does not change their policy all SRC_URIs in ebuilds need to be
changed and fetching files may fail due to digest mismatches. Discussion
is still ongoing as to how the situation should be handled.
* Berlios-hosted SRC_URI components [6]
6. http://thread.gmane.org/gmane.linux.gentoo.devel/36077
Bugzilla etiquette suggestions
As there are often incomplete or duplicate bugs filed on our bugzilla the
bugwranglers (the persons sorting and assigning bugs) sometimes respond in
ways that are perceived to be very negative by the person filing the bug.
Especially the INVALID bug resolution can often cause a very emotional
response. Daniel Drake[7] offers some suggestions for developers to avoid
unneeded conflicts with bugs, but the following discussion also has some
hints for users that wish to file bugs.
7. dsd@gentoo.org
* Bugzilla etiquette suggestions [8]
8. http://thread.gmane.org/gmane.linux.gentoo.devel/35968
Gentoo Council Meeting Summary (20060209)
The monthly meeting of the Gentoo Council happened on February 9th. The
only point on the regular agenda was GLEP 44 (Manifest2 support) which was
delayed until some technical issues are resolved.
* Gentoo Council Meeting Summary (20060209)[9]
9. http://thread.gmane.org/gmane.linux.gentoo.devel/35878
=======================
3. Gentoo international
=======================
UK: Kaboot, a Gentoo-based distribution
---------------------------------------
Kaboot[10] is a Gentoo-based Linux-LiveCD distribution. Currently
available in four flavours, Recovery, Lite, Science and -- just released
-- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you
can take anywhere with you and will boot any system. Development is
progressing steadily, and the author Hanni Ali[11] hopes to release the
first USB versions in early March. The ISOs of the currently available
versions vary in size from just over 80MB to around 550MB.
10. http://kaboot.ainkaboot.co.uk/
11. http://kaboot.ainkaboot.co.uk/contact.php
======================
4. Gentoo in the press
======================
Mactel Linux (16 February 2006)
-------------------------------
Various online media including Slashdot[12], engadget[13] and PC
Magazine[14] were quick to pick up the success story of Edgar Hucek's
Linux installation on one of the new Intel-driven Macintosh PCs, a 17"
iMac with dual core. "Using elilo and a modified Linux kernel, we can boot
from a USB hard disk on the 17" iMac Core Duo. We are using the hacked
vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can
compile the Linux kernel," states the project's website[15].
Congratulations!
12. http://linux.slashdot.org/article.pl?sid=06/02/16/2025243
13. http://cellphones.engadget.com/2006/02/16/linux-boots-on-intel-imacs/
14. http://www.pcmag.com/article2/0,1895,1928357,00.asp
15. http://www.mactel-linux.org
PC Web (7 February 2006, in Japanese)
-------------------------------------
Gentoo's BSD project got an honorable mention in one of Japan's most
important online computer magazines, PC Web. Quoting from a thread in the
BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as
using the best of both worlds: userland from Gentoo, kernel from FreeBSD.
Interesting even to those unable to read Japanese, the article carries
four screenshots of a working installation.
=========================
5. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* None this week
Adds
----
The following developers recently joined the Gentoo project:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
6. Gentoo Security
==================
Xpdf, Poppler: Heap overflow
----------------------------
Xpdf and Poppler are vulnerable to a heap overflow that may be exploited
to execute arbitrary code.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
KPdf: Heap based overflow
-------------------------
KPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
ImageMagick: Format string vulnerability
----------------------------------------
A vulnerability in ImageMagick allows attackers to crash the application
and potentially execute arbitrary code.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
Sun JDK/JRE: Applet privilege escalation
----------------------------------------
Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not
adequately constrain applets from privilege escalation and arbitrary code
execution.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml
libtasn1, GNU TLS: Security flaw in DER decoding
------------------------------------------------
A flaw in the parsing of Distinguished Encoding Rules (DER) has been
discovered in libtasn1, potentially resulting in the execution of
arbitrary code.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200602-08.xml
BomberClone: Remote execution of arbitrary code
-----------------------------------------------
BomberClone is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[21]
21. http://www.gentoo.org/security/en/glsa/glsa-200602-09.xml
GnuPG: Incorrect signature verification
---------------------------------------
Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.
For more information, please see the GLSA Announcement[22]
22. http://www.gentoo.org/security/en/glsa/glsa-200602-10.xml
===========
7. Bugzilla
===========
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 February 2006 and 19 February 2006, activity
on the site has resulted in:
23. http://bugs.gentoo.org
* 815 new bugs during this period
* 442 bugs closed or resolved during this period
* 28 previously closed bugs were reopened this period
Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled
'critical', and 526 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo Linux Gnome Desktop Team[24], with 17 closed bugs[25]
* Xavier Neys[26], with 15 closed bugs[27]
* Gentoo's Team for Core System packages[28], with 15 closed bugs[29]
* AMD64 Porting Team[30], with 13 closed bugs[31]
* Gentoo KDE team[32], with 12 closed bugs[33]
* Roy Marples[34], with 11 closed bugs[35]
* Daniel Goller[36], with 11 closed bugs[37]
* Gentoo Games[38], with 11 closed bugs[39]
24. gnome@gentoo.org
25.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=gnome@gentoo.org
26. neysx@gentoo.org
27.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=neysx@gentoo.org
28. base-system@gentoo.org
29.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=base-system@gentoo.org
30. amd64@gentoo.org
31.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=amd64@gentoo.org
32. kde@gentoo.org
33.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=kde@gentoo.org
34. uberlord@gentoo.org
35.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=uberlord@gentoo.org
36. morfic@gentoo.org
37.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=morfic@gentoo.org
38. games@gentoo.org
39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-02-12&chfieldto=2006-02-19&resolution=FIXED&assigned_to=games@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[40], with 29 new bugs[41]
* AMD64 Porting Team[42], with 14 new bugs[43]
* Perl Devs @ Gentoo[44], with 10 new bugs[45]
* Gentoo Sound Team[46], with 8 new bugs[47]
* media-video herd[48], with 7 new bugs[49]
* Default Assignee for Orphaned Packages[50], with 7 new bugs[51]
* Java team[52], with 6 new bugs[53]
* Gentoo X-windows packagers[54], with 5 new bugs[55]
40. maintainer-wanted@gentoo.org
41.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-wanted@gentoo.org
42. amd64@gentoo.org
43.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=amd64@gentoo.org
44. perl@gentoo.org
45.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=perl@gentoo.org
46. sound@gentoo.org
47.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=sound@gentoo.org
48. media-video@gentoo.org
49.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=media-video@gentoo.org
50. maintainer-needed@gentoo.org
51.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=maintainer-needed@gentoo.org
52. java@gentoo.org
53.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=java@gentoo.org
54. x11@gentoo.org
55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-02-12&chfieldto=2006-02-19&assigned_to=x11@gentoo.org
===============
8. GWN feedback
===============
Please send us your feedback[56] and help make the GWN better.
56. gwn-feedback@gentoo.org
===============================
9. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
10. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[57]
* Dutch[58]
* English[59]
* German[60]
* French[61]
* Korean[62]
* Japanese[63]
* Italian[64]
* Polish[65]
* Portuguese (Brazil)[66]
* Portuguese (Portugal)[67]
* Russian[68]
* Spanish[69]
* Turkish[70]
57. http://www.gentoo.org/news/da/gwn/gwn.xml
58. http://www.gentoo.org/news/nl/gwn/gwn.xml
59. http://www.gentoo.org/news/en/gwn/gwn.xml
60. http://www.gentoo.org/news/de/gwn/gwn.xml
61. http://www.gentoo.org/news/fr/gwn/gwn.xml
62. http://www.gentoo.org/news/ko/gwn/gwn.xml
63. http://www.gentoo.org/news/ja/gwn/gwn.xml
64. http://www.gentoo.org/news/it/gwn/gwn.xml
65. http://www.gentoo.org/news/pl/gwn/gwn.xml
66. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
67. http://www.gentoo.org/news/pt/gwn/gwn.xml
68. http://www.gentoo.org/news/ru/gwn/gwn.xml
69. http://www.gentoo.org/news/es/gwn/gwn.xml
70. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Robin H. Johnson <robbat2@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list