[gentoo-gwn] Gentoo Weekly Newsletter 14 August 2006

[Chris Gianelloni <wolf31o2@gentoo.org>]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 14 August 2006.
---------------------------------------------------------------------------
 
==============
1. Gentoo news
==============
  
Linux World Conference and Expo - San Francisco
-----------------------------------------------
  
The Linux World Conference and Expo[1] kicks off this week in San 
Francisco. As usual, Gentoo will have a booth in the '.Org Pavillion'.
The 
booth will be located between the GNOME and KDE projects. Gentoo will
be 
showing the upcoming 2006.1 release as well as several architectures.
This 
is a good opportunity to meet several Gentoo developers from across the 
United States. 

 1. http://www.linuxworldexpo.com/live/12/events/12SFO06A
 
The Expo floor is open from 15 August 2006 through 17 August 2006. 
    
OSL Rackathon
-------------
  
The Oregon State University Open Source Lab[2] is conducting a
fundraiser, 
called Rackathon[3], to raise money for the project. The OSL hosts a
large 
portion of the Gentoo infrastructure, several developer boxes, and 
provides the primary Gentoo mirror. They also host many other open
source 
projects. Gentoo was the OSL's first client and is among the largest. 
Money raised will help cover the costs of this free hosting as well as 
other costs incurred by the project. Donations of 20 USD gets your name
on 
a rack in the OSL for an entire year! 

 2. http://osuosl.org
 3. http://osuosl.org/contribute/rackathon
 
Donations to the OSL will help fund further Gentoo hosting and many
other 
open source projects. 
    
PyBugz - Python interface to Bugzilla
-------------------------------------
  
Gentoo developer Alastair Tse[4] has created a Python-based command
line 
interface to the Bugzilla issue tracking system. First conceived as a
tool 
to speed up the workflow for Gentoo developers, PyBugz[5] has been
tested 
on the XenSource and GNOME Bugzilla trackers, also. 

 4. liquidx@gentoo.org
 5. http://www.liquidx.net
 
Gentoo users can install PyBugz by simply using emerge pybugz. 
    
======================
2. Gentoo in the press
======================
  
Linux.com (11 Aug 2006)
-----------------------
  
Linux.com[6] has published an article, entitled 'Gentoo Portage 
Secrets[7]'. The article gives some helpful hints on how to utilize new 
features in portage 2.1 to optimize your Gentoo usage. 

 6. http://www.linux.com
 7. http://www.linux.com/article.pl?sid=06/08/07/1952207
    
=========================
3. Gentoo developer moves
=========================
  
Moves
-----
  
The following developers recently left the Gentoo project: 
 
 * none this week 
    
Adds
----
  
The following developers recently joined the Gentoo project: 
 
 * none this week 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo
project: 
 
 * none this week 
    
==================
4. Gentoo security
==================
   
x11vnc: Authentication bypass in included LibVNCServer code
-----------------------------------------------------------
  
VNC servers created with x11vnc accept insecure protocol types, even
when 
the server does not offer it, resulting in the possibility of
unauthorized 
access to the server. 
 
For more information, please see the GLSA Announcement[8] 

 8. http://www.gentoo.org/security/en/glsa/glsa-200608-12.xml
    
ClamAV: Heap buffer overflow
----------------------------
  
ClamAV is vulnerable to a heap-based buffer overflow resulting in a
Denial 
of Service and potentially remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[9] 

 9. http://www.gentoo.org/security/en/glsa/glsa-200608-13.xml
    
DUMB: Heap buffer overflow
--------------------------
  
A heap-based buffer overflow in DUMB could result in the execution of 
arbitrary code. 
 
For more information, please see the GLSA Announcement[10] 

 10. http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml
    
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
-------------------------------------------------------------------
  
Some applications shipped with MIT Kerberos 5 are vulnerable to local 
privilege escalation. 
 
For more information, please see the GLSA Announcement[11] 

 11. http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
    
Warzone 2100 Resurrection: Multiple buffer overflows
----------------------------------------------------
  
Warzone 2100 Resurrection server and client are vulnerable to separate 
buffer overflows, potentially allowing remote code execution. 
 
For more information, please see the GLSA Announcement[12] 

 12. http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml
    
libwmf: Buffer overflow vulnerability
-------------------------------------
  
libwmf is vulnerable to an integer overflow potentially resulting in
the 
execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[13] 

 13. http://www.gentoo.org/security/en/glsa/glsa-200608-17.xml
    
Net::Server: Format string vulnerability
----------------------------------------
  
A format string vulnerability has been reported in Net::Server which
can 
be exploited to cause a Denial of Service. 
 
For more information, please see the GLSA Announcement[14] 

 14. http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml
    
WordPress: Privilege escalation
-------------------------------
  
A flaw in WordPress allows registered WordPress users to elevate 
privileges. 
 
For more information, please see the GLSA Announcement[15] 

 15. http://www.gentoo.org/security/en/glsa/glsa-200608-19.xml
    
===========
5. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[16]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 06 August 2006 and 13 August 2006, activity
on 
the site has resulted in: 

 16. http://bugs.gentoo.org
 
 * 780 new bugs during this period 
 * 385 bugs closed or resolved during this period 
 * 32 previously closed bugs were reopened this period 
 
Of the 10879 currently open bugs: 47 are labeled 'blocker', 138 are 
labeled 'critical', and 539 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this
period 
are: 
 
 * Gentoo Security[17], with 29 closed bugs[18]  
 * Gentoo Games[19], with 17 closed bugs[20]  
 * Portage team[21], with 16 closed bugs[22]  
 * GNU Emacs Herd[23], with 15 closed bugs[24]  
 * AMD64 Project[25], with 15 closed bugs[26]  
 * Xavier Neys[27], with 14 closed bugs[28]  
 * Michal Januszewski[29], with 11 closed bugs[30]  
 * Perl Devs @ Gentoo[31], with 11 closed bugs[32]  
 17. security@gentoo.org
 18. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=security@gentoo.org
 19. games@gentoo.org
 20. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=games@gentoo.org
 21. dev-portage@gentoo.org
 22. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=dev-portage@gentoo.org
 23. emacs@gentoo.org
 24. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=emacs@gentoo.org
 25. amd64@gentoo.org
 26. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=amd64@gentoo.org
 27. neysx@gentoo.org
 28. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=neysx@gentoo.org
 29. spock@gentoo.org
 30. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=spock@gentoo.org
 31. perl@gentoo.org
 32. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-08-06&chfieldto=2006-08-13&resolution=FIXED&assigned_to=perl@gentoo.org

    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs
during 
this period are: 
 
 * Default Assignee for New Packages[33], with 46 new bugs[34]  
 * AMD64 Project[35], with 14 new bugs[36]  
 * Java team[37], with 12 new bugs[38]  
 * Gentoo Linux Gnome Desktop Team[39], with 10 new bugs[40]  
 * Default Assignee for Orphaned Packages[41], with 8 new bugs[42]  
 * Gentoo KDE team[43], with 7 new bugs[44]  
 * Perl Devs @ Gentoo[45], with 6 new bugs[46]  
 * X11 External Driver Maintainers[47], with 5 new bugs[48]  
 33. maintainer-wanted@gentoo.org
 34. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=maintainer-wanted@gentoo.org
 35. amd64@gentoo.org
 36. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=amd64@gentoo.org
 37. java@gentoo.org
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=java@gentoo.org
 39. gnome@gentoo.org
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=gnome@gentoo.org
 41. maintainer-needed@gentoo.org
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=maintainer-needed@gentoo.org
 43. kde@gentoo.org
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=kde@gentoo.org
 45. perl@gentoo.org
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=perl@gentoo.org
 47. x11-drivers@gentoo.org
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-08-06&chfieldto=2006-08-13&assigned_to=x11-drivers@gentoo.org

    
===============
6. GWN feedback
===============
   
Please send us your feedback[49] and help make the GWN better. 

 49. gwn-feedback@gentoo.org
    
===============================
7. GWN subscription information
===============================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to 
gentoo-gwn+subscribe@gentoo.org. 
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to 
gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are 
subscribed under. 
    
==================
8. Other languages
==================
   
The Gentoo Weekly Newsletter is also available in the following
languages: 
 
 * Chinese (Simplified)[50]  
 * Danish[51]  
 * Dutch[52]  
 * English[53]  
 * German[54]  
 * French[55]  
 * Korean[56]  
 * Japanese[57]  
 * Italian[58]  
 * Polish[59]  
 * Portuguese (Brazil)[60]  
 * Portuguese (Portugal)[61]  
 * Russian[62]  
 * Spanish[63]  
 * Turkish[64]  
 50. http://www.gentoo.org/news/zh_cn/gwn/gwn.xml
 51. http://www.gentoo.org/news/da/gwn/gwn.xml
 52. http://www.gentoo.org/news/nl/gwn/gwn.xml
 53. http://www.gentoo.org/news/en/gwn/gwn.xml
 54. http://www.gentoo.org/news/de/gwn/gwn.xml
 55. http://www.gentoo.org/news/fr/gwn/gwn.xml
 56. http://www.gentoo.org/news/ko/gwn/gwn.xml
 57. http://www.gentoo.org/news/ja/gwn/gwn.xml
 58. http://www.gentoo.org/news/it/gwn/gwn.xml
 59. http://www.gentoo.org/news/pl/gwn/gwn.xml
 60. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 61. http://www.gentoo.org/news/pt/gwn/gwn.xml
 62. http://www.gentoo.org/news/ru/gwn/gwn.xml
 63. http://www.gentoo.org/news/es/gwn/gwn.xml
 64. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Ulrich Plate <plate@gentoo.org> - Editor
Chris Gianelloni <wolf31o2@gentoo.org> - Author



-- 
gentoo-gwn@gentoo.org mailing list