[gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 25

[gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 25

[Yuji Kosugi]

[-- Attachment #1: Type: text/plain, Size: 17021 bytes --]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of June 21st, 2004.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Announcing Wasabi 0.2
---------------------
  
We're very pleased to announce that version 0.2 of Wasabi[1] has been 
released. We introduced[2] Wasabi two weeks ago: it's a log monitoring 
program initially developed for Gentoo infrastructure servers and now 
hosted by Gentoo. Designed to watch one or more log files for lines 
matching a regular expression, it can be set to send a notification email 
whenever a matching line occurs, or to report on such lines periodically. 
Changes in version 0.2 include multiple file support, large performance 
gains, and better signal handling. For more information, read the 
announcement[3] posted to gentoo-announce. 

 1. http://www.gentoo.org/proj/en/infrastructure/wasabi/index.xml
 2. http://www.gentoo.org/news/en/gwn/20040607-newsletter.xml
 3. http://article.gmane.org/gmane.linux.gentoo.announce/373
    
Gentoo Linux seeking new kernel developers
------------------------------------------
  
The Gentoo Linux project is currently seeking for new developers 
interested in helping the kernel team. We're looking for developers with a 
lot of kernel experience as well as experience writing ebuilds. Interested 
parties should send mail to recruiters@gentoo.org. 
    
==================
2. Gentoo Security
==================
  
Squirrelmail: Another XSS vulnerability
---------------------------------------
  
Squirrelmail fails to properly sanitize user input, which could lead to a 
compromise of webmail accounts. 
 
For more information, please see the GLSA Announcement[4] 

 4. http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
    
Horde-Chora: Remote code execution
----------------------------------
  
A vulnerability in Chora allows remote code execution and file upload. 
 
For more information, please see the GLSA Announcement[5] 

 5. http://www.gentoo.org/security/en/glsa/glsa-200406-09.xml
    
Gallery: Privilege escalation vulnerability
-------------------------------------------
  
There is a vulnerability in the Gallery photo album software which may 
allow an attacker to gain administrator privileges within Gallery. 
 
For more information, please see the GLSA Announcement[6] 

 6. http://www.gentoo.org/security/en/glsa/glsa-200406-10.xml
    
Horde-IMP: Input validation vulnerability
-----------------------------------------
  
An input validation vulnerability has been discovered in Horde-IMP. 
 
For more information, please see the GLSA Announcement[7] 

 7. http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml
    
Webmin: Multiple vulnerabilities
--------------------------------
  
Webmin contains two security vulnerabilities which could lead to a Denial 
of Service attack and information disclosure. 
 
For more information, please see the GLSA Announcement[8] 

 8. http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
    
Squid: NTLM authentication helper buffer overflow
-------------------------------------------------
  
Squid contains a bug where it fails to properly check bounds of the 'pass' 
variable. 
 
For more information, please see the GLSA Announcement[9] 

 9. http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml
    
aspell: Buffer overflow in word-list-compress
---------------------------------------------
  
A bug in the aspell utility word-list-compress can allow an attacker to 
execute arbitrary code. 
 
For more information, please see the GLSA Announcement[10] 

 10. http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml
    
Usermin: Multiple vulnerabilities
---------------------------------
  
Usermin contains two security vulnerabilities which could lead to a Denial 
of Service attack and information disclosure. 
 
For more information, please see the GLSA Announcement[11] 

 11. http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
    
=========================
3. Heard in the Community
=========================
  
Web Forums
----------
  
USE="-offensive" 
 
Imagine working in a US corporation. Imagine further that you've convinced 
your boss that Linux is your operating system of choice, and you've even 
managed to sneek a Gentoo installation into a predominantly red-hatted 
environment. And then you emerge Windowmaker, just when your boss glances 
over your shoulder... Sexually explicit material packaged in a window 
manager has stirred a controversy in the forums that oscillates between 
calls for "emerge unmerge Janet Jackson" and the introduction of a new USE 
flag that bans or allows emerging offensive material: 
 
 * Prude alert: Sexually explicit wm themes in emerge[12] 
 12. http://forums.gentoo.org/viewtopic.php?t=187352

    
gentoo-user
-----------
  
Removing old Kernel Source Trees 
 
When upgrading your kernel sources, Gentoo will keep your old source trees 
around, including in portage. This[13] thread has some pointers on how to 
manage your kernel sources effectively. 

 13. 
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=28tk1-6Qx-9%
40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D25
 
Simultaneous Emerges? 
 
Is it safe to run multiple 'emerge' commands at once? Find out[14] here! 

 14. 
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=27M5k-6cu-9%
40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D100
    
===========
4. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[15]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 12 June 2004 and 18 June 2004, activity on the 
site has resulted in: 

 15. http://bugs.gentoo.org
 
 * 580 new bugs during this period 
 * 363 bugs closed or resolved during this period 
 * 13 previously closed bugs were reopened this period 
 
Of the 6502 currently open bugs: 130 are labeled 'blocker', 190 are 
labeled 'critical', and 514 are labeled 'major'. 
    
Closed Bug Rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Jeremy Huddleston[16], with 32 closed bugs[17]  
 * Perl Devs @ Gentoo[18], with 25 closed bugs[19]  
 * AMD64 Porting Team[20], with 14 closed bugs[21]  
 * Gentoo X-windows Packagers[22], with 13 closed bugs[23]  
 * Mozilla Gentoo Team[24], with 12 closed bugs[25]  
 * Gentoo KDE Team[26], with 12 closed bugs[27]  
 16. eradicator@gentoo.org
 17. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=eradicator@gentoo.org
 18. perl@gentoo.org
 19. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=perl@gentoo.org
 20. amd64@gentoo.org
 21. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=amd64@gentoo.org
 22. xfree@gentoo.org
 23. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=xfree@gentoo.org
 24. mozilla@gentoo.org
 25. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=mozilla@gentoo.org
 26. kde@gentoo.org
 27. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX
ED&assigned_to=kde@gentoo.org

    
New Bug Rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Web-Apps Herd[28], with 27 new bugs[29]  
 * Gentoo's Team for Core System packages[30], with 23 new bugs[31]  
 * AMD64 Porting Team[32], with 21 new bugs[33]  
 * Gentoo Linux Gnome Desktop Team[34], with 17 new bugs[35]  
 * Java Team[36], with 12 new bugs[37]  
 28. webapps-request@gentoo.org
 29. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
-18&assigned_to=webapps-request@gentoo.org
 30. base-system@gentoo.org
 31. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
-18&assigned_to=base-system@gentoo.org
 32. amd64@gentoo.org
 33. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
-18&assigned_to=amd64@gentoo.org
 34. gnome@gentoo.org
 35. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
-18&assigned_to=gnome@gentoo.org
 36. java@gentoo.org
 37. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06
-18&assigned_to=java@gentoo.org
    
==================
5. Tips and Tricks
==================
   
Tips and Tricks is on hiatus this week.
    
===========================
6. Moves, Adds, and Changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team:
 
 * Troy Dack (tad) - testing and tweaking 
    
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * None this week 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week 
    
====================
7. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[38].

 38. gwn-feedback@gentoo.org
    
===============
8. GWN Feedback
===============
   
Please send us your feedback[39] and help make the GWN better.

 39. gwn-feedback@gentoo.org
    
===============================
9. GWN Subscription Information
===============================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@gentoo.org.
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@gentoo.org from the email address you are 
subscribed under.
    
===================
10. Other Languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[40] 
 * Dutch[41] 
 * English[42] 
 * German[43] 
 * French[44] 
 * Japanese[45] 
 * Italian[46] 
 * Polish[47] 
 * Portuguese (Brazil)[48] 
 * Portuguese (Portugal)[49] 
 * Russian[50] 
 * Spanish[51] 
 * Turkish[52] 
 40. http://www.gentoo.org/news/da/gwn/gwn.xml
 41. http://www.gentoo.org/news/be/gwn/gwn.xml
 42. http://www.gentoo.org/news/en/gwn/gwn.xml
 43. http://www.gentoo.org/news/de/gwn/gwn.xml
 44. http://www.gentoo.org/news/fr/gwn/gwn.xml
 45. http://www.gentoo.org/news/ja/gwn/gwn.xml
 46. http://www.gentoo.org/news/it/gwn/gwn.xml
 47. http://www.gentoo.org/news/pl/gwn/gwn.xml
 48. http://www.gentoo.org/news/br/gwn/gwn.xml
 49. http://www.gentoo.org/news/pt/gwn/gwn.xml
 50. http://www.gentoo.org/news/ru/gwn/gwn.xml
 51. http://www.gentoo.org/news/es/gwn/gwn.xml
 52. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Yuji Carlos Kosugi <carlos@gentoo.org> - Editor
AJ Armstrong <aja@clanarmstrong.com> - Contributor
Brian Downey <bdowney@briandowney.net> - Contributor
Kurt Lieber <klieber@gentoo.org> - Contributor
David Narayan <david@phrixus.net> - Contributor
Ulrich Plate <plate@gentoo.org> - Contributor
Sven Vermeulen <swift@gentoo.org> - Contributor
Simon Holm Thagersen <simon@lysbro.net> - Danish Translation
Jesper Brodersen <broeman@gentoo.org> - Danish Translation
Arne Mejlholm <aaby@gentoo.org> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@UGent.be> - Dutch Translation
Jorn Eilander <sephiroth@quicknet.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@bernieke.com> - Dutch Translation
Peter ter Borg <peter@daborg.nl> - Dutch Translation
Jochen Maes <linux@sejo.be> - Dutch Translation
Roderick Goessen <rgoessen@home.nl> - Dutch Translation
Gerard van den Berg <gerard@steelo.net> - Dutch Translation
Matthieu Montaudouin <mat@frheaven.com> - French Translation
Xavier Neys <neysx@gentoo.org> - French Translation
Martin Prieto <riverdale@linuxmail.org> - French Translation
Antoine Raillon <cabec2@pegase.net> - French Translation
Sebastien Cevey <seb@cine7.net> - French Translation
Jean-Christophe Choisy <mabouya@petitefleure.org> - French Translation
Thomas Raschbacher <lordvan@gentoo.org> - German Translation
Steffen Lassahn <madeagle@gentoo.org> - German Translation
Matthias F. Brandstetter <haim@gentoo.org> - German Translation
Lukas Domagala <Cyrik@gentoo.org> - German Translation
Tobias Scherbaum <dertobi123@gentoo.org> - German Translation
Daniel Gerholdt <Sputnik1969@gentoo.org> - German Translation
Marc Herren <dj-submerge@gentoo.org> - German Translation
Tobias Matzat <SirSeoman@gentoo.org> - German Translation
Marco Mascherpa <mush@monrif.net> - Italian Translation
Claudio Merloni <paper@tiscali.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@gentoo-italia.org> - Italian Translation
Katuyuki Konno <katuyuki@siva.ddo.jp> - Japanese Translation
Hiroyuki Takeda <hiro@extreme.jspeed.jp> - Japanese Translation
Masato Hatakeyama <hatake@mx2.ttcn.ne.jp> - Japanese Translation
Masayoshi Nakamura <masayang@masasushi.com> - Japanese Translation
Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@trombik.mine.nu> - Japanese Translation
Lukasz Strzygowski <lucass@gentoo.pl> - Polish Translation
Karol Goralski <gooroo@gentoo.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@inf.ufrgs.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@datavibe.net> - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola <joaoraf@rudah.com.br> - Portuguese (Brazil) 
Translation
Marcelo Gon??alves de Azambuja <mgazambuja@terra.com.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@gentoobr.org> - Portuguese (Brazil) 
Translation
Pablo N. Hess -- NatuNobilis <natunobilis@gentoobr.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@yawl.com.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil) 
Translation
Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal) 
Translation
Gustavo Felisberto <humpback@felisberto.net> - Portuguese (Portugal) 
Translation
Jos?? Costa <jose_costa@netcabo.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@linuxmail.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@rjlouro.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@bk.ru> - Russian Translator
Sergey Galkin <gals_home@list.ru> - Russian Translator
Sergey Kuleshov <svyatogor@gentoo.org> - Russian Translator
Alex Spirin <asp13@mail.ru> - Russian Translator
Denis Zaletov <dzaletov@rambler.ru> - Russian Translator
Lanark <lanark@lanark.com.ar> - Spanish Translation
Fernando J. Pereda <ferdy@ferdyx.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@uoc.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@telefonica.net> - Spanish Translation
Guillermo Juarez <katossi@usuarios.retecal.es> - Spanish Translation
Jes??s Garc??a Crespo <correo@sevein.com> - Spanish Translation
Carlos Castillo <carlos@castillobueno.com> - Spanish Translation
Julio Castillo <julio@castillobueno.com> - Spanish Translation
Sergio G??mez <s3r@fibertel.com.ar> - Spanish Translation
Aycan Irican <aycan@core.gen.tr> - Turkish Translation
Bugra Cakir <bugra@myrealbox.com> - Turkish Translation
Cagil Seker <cagils@biznet.com.tr> - Turkish Translation
Emre Kazdagli <emre@core.gen.tr> - Turkish Translation
Evrim Ulu <evrim@core.gen.tr> - Turkish Translation
Gursel Kaynak <gurcell@core.gen.tr> - Turkish Translation

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]