Gentoo Weekly Newsletter - Volume 3, Issue 15
[Posted April 13, 2004 by ris]
| From: |
| Yuji Kosugi <carlos-AT-gentoo.org> |
| To: |
| gentoo-gwn-AT-lists.gentoo.org |
| Subject: |
| [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 15 |
| Date: |
| Mon, 12 Apr 2004 19:48:38 -0400 |
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of April 12th, 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Gentoo Weekly Newsletter reorganizing
-------------------------------------
Recently we've been receiving emails from users about missing sections and
content in the newsletter. We've had some contributors leave the team, and
others have been unable to participate due to personal issues, but once we
start adding some new contributors to the team and reorganizing, we should
be right back on track. Those who responded to the recruitment drive last
week, please hold on as we determine what positions we need filled and
begin responding to applicants. Thanks to all our readers for reading the
newsletter each week; we'll bring back all our regular content as quickly
as possible.
Gentoo Linux Project seeking SAMBA developers
---------------------------------------------
The Gentoo Linux Project is seeking developers who have experience with
SAMBA. Send an email to recruiters@gentoo.org with some background info if
you're interested.
==================
2. Gentoo Security
==================
Insecure sandbox temporary lockfile vulnerabilities in Portage
--------------------------------------------------------------
A flaw has been found in the temporary file handling algorithms for the
sandboxing code used within Portage. Lockfiles created during normal
Portage operation of portage could be manipulated by local users resulting
in the truncation of hard linked files; causing a Denial of Service attack
on the system.
For more information, please see the GLSA Announcement[1]
1. http://www.gentoo.org/security/en/glsa/glsa-200404-01.xml
KDE Personal Information Management Suite Remote Buffer Overflow
Vulnerability
-------------
KDE-PIM may be vulnerable to a remote buffer overflow attack that may
allow unauthorized access to an affected system.
For more information, please see the GLSA Announcement[2]
2. http://www.gentoo.org/security/en/glsa/glsa-200404-02.xml
Tcpdump Vulnerabilities in ISAKMP Parsing
-----------------------------------------
There are multiple vulnerabilities in tcpdump and libpcap related to
parsing of ISAKMP packets.
For more information, please see the GLSA Announcement[3]
3. http://www.gentoo.org/security/en/glsa/glsa-200404-03.xml
Multiple vulnerabilities in sysstat
-----------------------------------
Multiple vulnerabilities in the way sysstat handles symlinks may allow an
attacker to execute arbitrary code or overwrite arbitrary files
For more information, please see the GLSA Announcement[4]
4. http://www.gentoo.org/security/en/glsa/glsa-200404-04.xml
ipsec-tools contains an X.509 certificates vulnerability.
---------------------------------------------------------
ipsec-tools contains a vulnerability that affects connections
authenticated with X.509 certificates.
For more information, please see the GLSA Announcement[5]
5. http://www.gentoo.org/security/en/glsa/glsa-200404-05.xml
Util-linux login may leak sensitive data
----------------------------------------
The login program included in util-linux could leak sensitive information
under certain conditions.
For more information, please see the GLSA Announcement[6]
6. http://www.gentoo.org/security/en/glsa/glsa-200404-06.xml
ClamAV RAR Archive Remote Denial Of Service Vulnerability
---------------------------------------------------------
ClamAV is vulnerable to a denial of service attack when processing certain
RAR archives.
For more information, please see the GLSA Announcement[7]
7. http://www.gentoo.org/security/en/glsa/glsa-200404-07.xml
GNU Automake symbolic link vulnerability
----------------------------------------
Automake may be vulnerable to a symbolic link attack which may allow an
attacker to modify data or elevate their privileges.
For more information, please see the GLSA Announcement[8]
8. http://www.gentoo.org/security/en/glsa/glsa-200404-08.xml
Cross-realm trust vulnerability in Heimdal
------------------------------------------
Heimdal contains cross-realm vulnerability allowing someone with control
over a realm to impersonate anyone in the cross-realm trust path.
For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200404-09.xml
iproute local Denial of Service vulnerability
---------------------------------------------
The iproute package allows local users to cause a denial of service.
For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200404-10.xml
Multiple Vulnerabilities in pwlib
---------------------------------
Multiple vulnerabilites have been found in pwlib that may lead to a remote
denial of service or buffer overflow attack.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200404-11.xml
Scorched 3D server chat box format string vulnerability
-------------------------------------------------------
Scorched 3D is vulnerable to a format string attack in the chat box that
leads to Denial of Service on the game server and possibly allows
execution of arbitrary code.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200404-12.xml
=========================
3. Heard in the Community
=========================
Web Forums
----------
Week of the Xorg
Two unusually active threads have developed last week providing opinions
and experience concerning the alternative to XFree86 some people have been
trying out lately. In any case, the forked X server from X.org certainly
looks popular enough to attract six pages worth of postings within just
three days since the creation of the discussion thread, and even the Howto
thread had dozens of Gentooists post addenda or corrections:
* experiences with xorg-x11-6.7.0[13]
* How I got x.org up and running[14]
13. http://forums.gentoo.org/viewtopic.php?t=158619
14. http://forums.gentoo.org/viewtopic.php?t=158911
=======================
4. Gentoo International
=======================
Italy/Switzerland: Joint GECHI and Ticino LUG Meeting
On Friday and Saturday, 16 and 17 April, the notorious GECHI[15] group of
Italian Gentoo users will join forces with the Ticino Linx User Group to
organize a friendly event at one of three SUPSI (Scuola Universitaria
Professionale della Svizzera Italiana) sites in Switzerland, this one
located in a town called Manno, not far from the Italian border. Dates and
times are to be taken with a grain of salt (check the TiLUG site[16] for
details), but the Forum coordination thread[17] appears to have everything
under control. And in any case, springtime in Ticino is supposed to be
lovely....
15. http://www.gechi.org/
16. http://tilug.org/cms/index.php?ind=14
17. http://forums.gentoo.org/viewtopic.php?t=157613
===========
5. Bugzilla
===========
Summary
-------
* Statistics
* Closed Bug Ranking
* New Bug Rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[18]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 03 April 2004 and 09 April 2004, activity on the
site has resulted in:
18. http://bugs.gentoo.org
* 642 new bugs during this period
* 336 bugs closed or resolved during this period
* 22 previously closed bugs were reopened this period
Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are
labeled 'critical', and 454 are labeled 'major'.
Closed Bug Rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Jeremy Huddleston[19], with 32 closed bugs[20]
* AMD64 Porting Team[21], with 22 closed bugs[22]
* Gentoo Linux Gnome Desktop Team[23], with 18 closed bugs[24]
* Gentoo KDE team[25], with 17 closed bugs[26]
* Gentoo Games team[27], with 15 closed bugs[28]
* x86 Kernel team[29], with 14 closed bugs[30]
* Gentoo Security[31], with 14 closed bugs[32]
* SpanKY[33], with 11 closed bugs[34]
19. eradicator@gentoo.org
20.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=eradicator@gentoo.org
21. amd64@gentoo.org
22.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=amd64@gentoo.org
23. gnome@gentoo.org
24.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=gnome@gentoo.org
25. kde@gentoo.org
26.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=kde@gentoo.org
27. games@gentoo.org
28.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=games@gentoo.org
29. x86-kernel@gentoo.org
30.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=x86-kernel@gentoo.org
31. security@gentoo.org
32.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=security@gentoo.org
33. vapier@gentoo.org
34.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&
chfield=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&
resolution=FIXED&assigned_to=vapier@gentoo.org
New Bug Rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* AMD64 Porting Team[35], with 31 new bugs[36]
* Gentoo Linux Gnome Desktop Team[37], with 28 new bugs[38]
* Gentoo's Team for Core System packages[39], with 21 new bugs[40]
* Jeremy Huddleston[41], with 11 new bugs[42]
* Net-Mail Packages[43], with 8 new bugs[44]
* Gentoo X-windows packagers[45], with 7 new bugs[46]
* Robert Coie[47], with 7 new bugs[48]
* Gentoo KDE team[49], with 7 new bugs[50]
35. amd64@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=amd64@gentoo.org
37. gnome@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=gnome@gentoo.org
39. base-system@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=base-system@gentoo.org
41. eradicator@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=eradicator@gentoo.org
43. net-mail@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=net-mail@gentoo.org
45. xfree@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=xfree@gentoo.org
47. rac@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=rac@gentoo.org
49. kde@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&
bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&
chfieldto=2004-04-09&assigned_to=kde@gentoo.org
==================
6. Tips and Tricks
==================
Shell Autologout with TMOUT
Adding the TMOUT environment variable to your shell startup scripts will
automatically log out of an interactive shell after the specified number
of seconds.
---------------------------------------------------------------------------
| Code Listing 6.1: |
| .bash_profile |
---------------------------------------------------------------------------
| |
|Timeout if no input is given for 1 hour |
|TMOUT=3600 |
| |
---------------------------------------------------------------------------
===========================
7. Moves, Adds, and Changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* none this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* Jonathan Hood (squinky86) - accessibility, sword
* Yi Qiang (khai) - gnome
* Patrick Lauer (bonsaikitten) - cygwin, x86
* Danny Van (kugelfang) - amd64
* Roger Miliker (roger55) - releng
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* none this week
====================
8. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[51].
51. gwn-feedback@gentoo.org
===============
9. GWN Feedback
===============
Please send us your feedback[52] and help make the GWN better.
52. gwn-feedback@gentoo.org
================================
10. GWN Subscription Information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
11. Other Languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Dutch[53]
* English[54]
* German[55]
* French[56]
* Japanese[57]
* Italian[58]
* Polish[59]
* Portuguese (Brazil)[60]
* Portuguese (Portugal)[61]
* Russian[62]
* Spanish[63]
* Turkish[64]
53. http://www.gentoo.org/news/be/gwn/gwn.xml
54. http://www.gentoo.org/news/en/gwn/gwn.xml
55. http://www.gentoo.org/news/de/gwn/gwn.xml
56. http://www.gentoo.org/news/fr/gwn/gwn.xml
57. http://www.gentoo.org/news/ja/gwn/gwn.xml
58. http://www.gentoo.org/news/it/gwn/gwn.xml
59. http://www.gentoo.org/news/pl/gwn/gwn.xml
60. http://www.gentoo.org/news/br/gwn/gwn.xml
61. http://www.gentoo.org/news/pt/gwn/gwn.xml
62. http://www.gentoo.org/news/ru/gwn/gwn.xml
63. http://www.gentoo.org/news/es/gwn/gwn.xml
64. http://www.gentoo.org/news/tr/gwn/gwn.xml
Yuji Carlos Kosugi <carlos@gentoo.org> - Editor
AJ Armstrong <aja@clanarmstrong.com> - Contributor
Brian Downey <bdowney@briandowney.net> - Contributor
Luke Giuliani <cold_flame@email.com> - Contributor
Grant Goodyear <g2boojum@gentoo.org> - Contributor
Aron Griffis <agriffis@gentoo.org> - Contributor
Stuart Herbert <stuart@gentoo.org> - Contributor
Kurt Lieber <klieber@gentoo.org> - Contributor
Rafael Cordones Marcos <rcm@sasaska.net> - Contributor
David Narayan <david@phrixus.net> - Contributor
David Nielsen <Lovechild@foolclan.com> - Contributor
Ulrich Plate <plate@gentoo.org> - Contributor
Simon Holm Thagersen <simon@lysbro.net> - Danish Translation
Jesper Brodersen <broeman@gentoo.org> - Danish Translation
Arne Mejlholm <aaby@gentoo.org> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@UGent.be> - Dutch Translation
Jorn Eilander <sephiroth@quicknet.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@bernieke.com> - Dutch Translation
Peter ter Borg <peter@daborg.nl> - Dutch Translation
Jochen Maes <linux@sejo.be> - Dutch Translation
Roderick Goessen <rgoessen@home.nl> - Dutch Translation
Gerard van den Berg <gerard@steelo.net> - Dutch Translation
Matthieu Montaudouin <mat@frheaven.com> - French Translation
Xavier Neys <neysx@gentoo.org> - French Translation
Martin Prieto <riverdale@linuxmail.org> - French Translation
Antoine Raillon <cabec2@pegase.net> - French Translation
Sebastien Cevey <seb@cine7.net> - French Translation
Jean-Christophe Choisy <mabouya@petitefleure.org> - French Translation
Thomas Raschbacher <lordvan@gentoo.org> - German Translation
Steffen Lassahn <madeagle@gentoo.org> - German Translation
Matthias F. Brandstetter <haim@gentoo.org> - German Translation
Lukas Domagala <Cyrik@gentoo.org> - German Translation
Tobias Scherbaum <dertobi123@gentoo.org> - German Translation
Daniel Gerholdt <Sputnik1969@gentoo.org> - German Translation
Marc Herren <dj-submerge@gentoo.org> - German Translation
Tobias Matzat <SirSeoman@gentoo.org> - German Translation
Marco Mascherpa <mush@monrif.net> - Italian Translation
Claudio Merloni <paper@tiscali.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@gentoo-italia.org> - Italian Translation
Katuyuki Konno <katuyuki@siva.ddo.jp> - Japanese Translation
Hiroyuki Takeda <hiro@extreme.jspeed.jp> - Japanese Translation
Masato Hatakeyama <hatake@mx2.ttcn.ne.jp> - Japanese Translation
Masayoshi Nakamura <masayang@masasushi.com> - Japanese Translation
Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@trombik.mine.nu> - Japanese Translation
Lukasz Strzygowski <lucass@gentoo.pl> - Polish Translation
Karol Goralski <gooroo@gentoo.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@inf.ufrgs.br> - Portuguese
(Brazil) Translation
Eduardo Belloti <dudu@datavibe.net> - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola <joaoraf@rudah.com.br> - Portuguese (Brazil)
Translation
Marcelo Gon??alves de Azambuja <mgazambuja@terra.com.br> - Portuguese
(Brazil) Translation
Otavio Rodolfo Piske <angusy@gentoobr.org> - Portuguese (Brazil)
Translation
Pablo N. Hess -- NatuNobilis <natunobilis@gentoobr.org> - Portuguese
(Brazil) Translation
Pedro de Medeiros <pzilla@yawl.com.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil)
Translation
Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal)
Translation
Gustavo Felisberto <humpback@felisberto.net> - Portuguese (Portugal)
Translation
Jos?? Costa <jose_costa@netcabo.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@linuxmail.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@rjlouro.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@bk.ru> - Russian Translator
Sergey Galkin <gals_home@list.ru> - Russian Translator
Sergey Kuleshov <svyatogor@gentoo.org> - Russian Translator
Alex Spirin <asp13@mail.ru> - Russian Translator
Denis Zaletov <dzaletov@rambler.ru> - Russian Translator
Lanark <lanark@lanark.com.ar> - Spanish Translation
Fernando J. Pereda <ferdy@ferdyx.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@uoc.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@telefonica.net> - Spanish Translation
Guillermo Juarez <katossi@usuarios.retecal.es> - Spanish Translation
Jes??s Garc??a Crespo <correo@sevein.com> - Spanish Translation
Carlos Castillo <carlos@castillobueno.com> - Spanish Translation
Julio Castillo <julio@castillobueno.com> - Spanish Translation
Sergio G??mez <s3r@fibertel.com.ar> - Spanish Translation
Aycan Irican <aycan@core.gen.tr> - Turkish Translation
Bugra Cakir <bugra@myrealbox.com> - Turkish Translation
Cagil Seker <cagils@biznet.com.tr> - Turkish Translation
Emre Kazdagli <emre@core.gen.tr> - Turkish Translation
Evrim Ulu <evrim@core.gen.tr> - Turkish Translation
Gursel Kaynak <gurcell@core.gen.tr> - Turkish Translation
(
Log in to post comments)
