Gentoo Weekly Newsletter - Volume 3, Issue 25

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of June 21st, 2004.
---------------------------------------------------------------------------
=20

1. Gentoo News

 =20
Announcing Wasabi 0.2
---------------------
 =20
We're very pleased to announce that version 0.2 of Wasabi[1] has been=20
released. We introduced[2] Wasabi two weeks ago: it's a log monitoring=20
program initially developed for Gentoo infrastructure servers and now=20
hosted by Gentoo. Designed to watch one or more log files for lines=20
matching a regular expression, it can be set to send a notification email=
=20
whenever a matching line occurs, or to report on such lines periodically.=
=20
Changes in version 0.2 include multiple file support, large performance=20
gains, and better signal handling. For more information, read the=20
announcement[3] posted to gentoo-announce.=20

 1. http://www.gentoo.org/proj/en/infrastructure/wasabi/index.xml
 2. http://www.gentoo.org/news/en/gwn/20040607-newsletter.xml
 3. http://article.gmane.org/gmane.linux.gentoo.announce/373
   =20
Gentoo Linux seeking new kernel developers
------------------------------------------
 =20
The Gentoo Linux project is currently seeking for new developers=20
interested in helping the kernel team. We're looking for developers with a=
=20
lot of kernel experience as well as experience writing ebuilds. Interested=
=20
parties should send mail to [e-mail:recruiters@gentoo.org].=20
   =20

2. Gentoo Security

 =20
Squirrelmail: Another XSS vulnerability
---------------------------------------
 =20
Squirrelmail fails to properly sanitize user input, which could lead to a=
=20
compromise of webmail accounts.=20
=20
For more information, please see the GLSA Announcement[4]=20

 4. http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
   =20
Horde-Chora: Remote code execution
----------------------------------
 =20
A vulnerability in Chora allows remote code execution and file upload.=20
=20
For more information, please see the GLSA Announcement[5]=20

 5. http://www.gentoo.org/security/en/glsa/glsa-200406-09.xml
   =20
Gallery: Privilege escalation vulnerability
-------------------------------------------
 =20
There is a vulnerability in the Gallery photo album software which may=20
allow an attacker to gain administrator privileges within Gallery.=20
=20
For more information, please see the GLSA Announcement[6]=20

 6. http://www.gentoo.org/security/en/glsa/glsa-200406-10.xml
   =20
Horde-IMP: Input validation vulnerability
-----------------------------------------
 =20
An input validation vulnerability has been discovered in Horde-IMP.=20
=20
For more information, please see the GLSA Announcement[7]=20

 7. http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml
   =20
Webmin: Multiple vulnerabilities
--------------------------------
 =20
Webmin contains two security vulnerabilities which could lead to a Denial=
=20
of Service attack and information disclosure.=20
=20
For more information, please see the GLSA Announcement[8]=20

 8. http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
   =20
Squid: NTLM authentication helper buffer overflow
-------------------------------------------------
 =20
Squid contains a bug where it fails to properly check bounds of the 'pass'=
=20
variable.=20
=20
For more information, please see the GLSA Announcement[9]=20

 9. http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml
   =20
aspell: Buffer overflow in word-list-compress
---------------------------------------------
 =20
A bug in the aspell utility word-list-compress can allow an attacker to=20
execute arbitrary code.=20
=20
For more information, please see the GLSA Announcement[10]=20

 10. http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml
   =20
Usermin: Multiple vulnerabilities
---------------------------------
 =20
Usermin contains two security vulnerabilities which could lead to a Denial=
=20
of Service attack and information disclosure.=20
=20
For more information, please see the GLSA Announcement[11]=20

 11. http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
   =20

3. Heard in the Community

 =20
Web Forums
----------
 =20
USE"-offensive"=20
=20
Imagine working in a US corporation. Imagine further that you've convinced=
=20
your boss that Linux is your operating system of choice, and you've even=20
managed to sneek a Gentoo installation into a predominantly red-hatted=20
environment. And then you emerge Windowmaker, just when your boss glances=
=20
over your shoulder... Sexually explicit material packaged in a window=20
manager has stirred a controversy in the forums that oscillates between=20
calls for "emerge unmerge Janet Jackson" and the introduction of a new USE=
=20
flag that bans or allows emerging offensive material:=20
=20
 * Prude alert: Sexually explicit wm themes in emerge[12]=20
 12. http://forums.gentoo.org/viewtopic.php?t187352

   =20
gentoo-user
-----------
 =20
Removing old Kernel Source Trees=20
=20
When upgrading your kernel sources, Gentoo will keep your old source trees=
=20
around, including in portage. This[13] thread has some pointers on how to=
=20
manage your kernel sources effectively.=20

 13.=20
http://groups.google.com/groups?dq&hlen&lr&ieUTF-8&threadm28=
tk1-6Qx-9%
40gated-at.bofh.it&prev/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie=
%3
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D25
=20
Simultaneous Emerges?=20
=20
Is it safe to run multiple 'emerge' commands at once? Find out[14] here!=20

 14.=20
http://groups.google.com/groups?dq&hlen&lr&ieUTF-8&threadm27=
M5k-6cu-9%
40gated-at.bofh.it&prev/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie=
%3
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D100
   =20

4. Bugzilla

 =20
Summary
-------
 =20
 * Statistics=20
 * Closed Bug Ranking=20
 * New Bug Rankings=20
   =20
Statistics
----------
 =20
The Gentoo community uses Bugzilla (bugs.gentoo.org[15]) to record and=20
track bugs, notifications, suggestions and other interactions with the=20
development team. Between 12 June 2004 and 18 June 2004, activity on the=20
site has resulted in:=20

 15. http://bugs.gentoo.org
=20
 * 580 new bugs during this period=20
 * 363 bugs closed or resolved during this period=20
 * 13 previously closed bugs were reopened this period=20
=20
Of the 6502 currently open bugs: 130 are labeled 'blocker', 190 are=20
labeled 'critical', and 514 are labeled 'major'.=20
   =20
Closed Bug Rankings
-------------------
 =20
The developers and teams who have closed the most bugs during this period=
=20
are:=20
=20
 * Jeremy Huddleston[16], with 32 closed bugs[17] =20
 * Perl Devs @ Gentoo[18], with 25 closed bugs[19] =20
 * AMD64 Porting Team[20], with 14 closed bugs[21] =20
 * Gentoo X-windows Packagers[22], with 13 closed bugs[23] =20
 * Mozilla Gentoo Team[24], with 12 closed bugs[25] =20
 * Gentoo KDE Team[26], with 12 closed bugs[27] =20
 16. [e-mail:eradicator@gentoo.org]
 17.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_toeradicator@gentoo.org
 18. [e-mail:perl@gentoo.org]
 19.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_toperl@gentoo.org
 20. [e-mail:amd64@gentoo.org]
 21.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_toamd64@gentoo.org
 22. [e-mail:xfree@gentoo.org]
 23.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_toxfree@gentoo.org
 24. [e-mail:mozilla@gentoo.org]
 25.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_tomozilla@gentoo.org
 26. [e-mail:kde@gentoo.org]
 27.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusRESOLVED&bug_statusCLOSE=
D&ch
fieldbug_status&chfieldfrom2004-06-12&chfieldto2004-06-18&resoluti=
onFIX
ED&assigned_tokde@gentoo.org

   =20
New Bug Rankings
----------------
 =20
The developers and teams who have been assigned the most new bugs during=20
this period are:=20
=20
 * Web-Apps Herd[28], with 27 new bugs[29] =20
 * Gentoo's Team for Core System packages[30], with 23 new bugs[31] =20
 * AMD64 Porting Team[32], with 21 new bugs[33] =20
 * Gentoo Linux Gnome Desktop Team[34], with 17 new bugs[35] =20
 * Java Team[36], with 12 new bugs[37] =20
 28. [e-mail:webapps-request@gentoo.org]
 29.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusNEW&bug_statusASSIGNED&b=
ug_s
tatusREOPENED&chfieldassigned_to&chfieldfrom2004-06-12&chfieldto=
2004-06
-18&assigned_towebapps-request@gentoo.org
 30. [e-mail:base-system@gentoo.org]
 31.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusNEW&bug_statusASSIGNED&b=
ug_s
tatusREOPENED&chfieldassigned_to&chfieldfrom2004-06-12&chfieldto=
2004-06
-18&assigned_tobase-system@gentoo.org
 32. [e-mail:amd64@gentoo.org]
 33.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusNEW&bug_statusASSIGNED&b=
ug_s
tatusREOPENED&chfieldassigned_to&chfieldfrom2004-06-12&chfieldto=
2004-06
-18&assigned_toamd64@gentoo.org
 34. [e-mail:gnome@gentoo.org]
 35.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusNEW&bug_statusASSIGNED&b=
ug_s
tatusREOPENED&chfieldassigned_to&chfieldfrom2004-06-12&chfieldto=
2004-06
-18&assigned_tognome@gentoo.org
 36. [e-mail:java@gentoo.org]
 37.=20
http://bugs.gentoo.org/buglist.cgi?bug_statusNEW&bug_statusASSIGNED&b=
ug_s
tatusREOPENED&chfieldassigned_to&chfieldfrom2004-06-12&chfieldto=
2004-06
-18&assigned_tojava@gentoo.org
   =20

5. Tips and Tricks

  =20
Tips and Tricks is on hiatus this week.
   =20
=

6. Moves, Adds, and Changes
=

 =20
Moves
-----
 =20
The following developers recently left the Gentoo team:
=20
 * Troy Dack (tad) - testing and tweaking=20
   =20
Adds
----
 =20
The following developers recently joined the Gentoo Linux team:
=20
 * None this week=20
   =20
Changes
-------
 =20
The following developers recently changed roles within the Gentoo Linux=20
project:
=20
 * None this week=20
   =20

7. Contribute to GWN

  =20
Interested in contributing to the Gentoo Weekly Newsletter? Send us an=20
email[38].

 38. [e-mail:gwn-feedback@gentoo.org]
   =20

8. GWN Feedback

  =20
Please send us your feedback[39] and help make the GWN better.

 39. [e-mail:gwn-feedback@gentoo.org]
   =20
=

9. GWN Subscription Information
=

  =20
To subscribe to the Gentoo Weekly Newsletter, send a blank email to=20
[e-mail:gentoo-gwn-subscribe@gentoo.org].
=20
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to=20
[e-mail:gentoo-gwn-unsubscribe@gentoo.org] from the email address you are=20
subscribed under.
   =20

10. Other Languages

  =20
The Gentoo Weekly Newsletter is also available in the following languages:
=20
 * Danish[40]=20
 * Dutch[41]=20
 * English[42]=20
 * German[43]=20
 * French[44]=20
 * Japanese[45]=20
 * Italian[46]=20
 * Polish[47]=20
 * Portuguese (Brazil)[48]=20
 * Portuguese (Portugal)[49]=20
 * Russian[50]=20
 * Spanish[51]=20
 * Turkish[52]=20
 40. http://www.gentoo.org/news/da/gwn/gwn.xml
 41. http://www.gentoo.org/news/be/gwn/gwn.xml
 42. http://www.gentoo.org/news/en/gwn/gwn.xml
 43. http://www.gentoo.org/news/de/gwn/gwn.xml
 44. http://www.gentoo.org/news/fr/gwn/gwn.xml
 45. http://www.gentoo.org/news/ja/gwn/gwn.xml
 46. http://www.gentoo.org/news/it/gwn/gwn.xml
 47. http://www.gentoo.org/news/pl/gwn/gwn.xml
 48. http://www.gentoo.org/news/br/gwn/gwn.xml
 49. http://www.gentoo.org/news/pt/gwn/gwn.xml
 50. http://www.gentoo.org/news/ru/gwn/gwn.xml
 51. http://www.gentoo.org/news/es/gwn/gwn.xml
 52. http://www.gentoo.org/news/tr/gwn/gwn.xml
  =20
Yuji Carlos Kosugi  - Editor
AJ Armstrong  - Contributor
Brian Downey  - Contributor
Kurt Lieber  - Contributor
David Narayan  - Contributor
Ulrich Plate  - Contributor
Sven Vermeulen  - Contributor
Simon Holm Thagersen  - Danish Translation
Jesper Brodersen  - Danish Translation
Arne Mejlholm  - Danish Translation
Hendrik Eeckhaut  - Dutch Translation
Jorn Eilander  - Dutch Translation
Bernard Kerckenaere  - Dutch Translation
Peter ter Borg  - Dutch Translation
Jochen Maes  - Dutch Translation
Roderick Goessen  - Dutch Translation
Gerard van den Berg  - Dutch Translation
Matthieu Montaudouin  - French Translation
Xavier Neys  - French Translation
Martin Prieto  - French Translation
Antoine Raillon  - French Translation
Sebastien Cevey  - French Translation
Jean-Christophe Choisy  - French Translation
Thomas Raschbacher  - German Translation
Steffen Lassahn  - German Translation
Matthias F. Brandstetter  - German Translation
Lukas Domagala  - German Translation
Tobias Scherbaum  - German Translation
Daniel Gerholdt  - German Translation
Marc Herren  - German Translation
Tobias Matzat  - German Translation
Marco Mascherpa  - Italian Translation
Claudio Merloni  - Italian Translation
Stefano Lucidi  - Italian Translation
Katuyuki Konno  - Japanese Translation
Hiroyuki Takeda  - Japanese Translation
Masato Hatakeyama  - Japanese Translation
Masayoshi Nakamura  - Japanese Translation
Yasunori Fukudome  - Japanese Translation
Tomoyuki Sakurai  - Japanese Translation
Lukasz Strzygowski  - Polish Translation
Karol Goralski  - Polish Translation
Atila "Jedi" Bohlke Vasconcelos  - Portuguese=20
(Brazil) Translation
Eduardo Belloti  - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola  - Portuguese (Brazil)=20
Translation
Marcelo Gon??alves de Azambuja  - Portuguese=20
(Brazil) Translation
Otavio Rodolfo Piske  - Portuguese (Brazil)=20
Translation
Pablo N. Hess -- NatuNobilis  - Portuguese=20
(Brazil) Translation
Pedro de Medeiros  - Portuguese (Brazil) Translation
Ventura Barbeiro  - Portuguese (Brazil)=20
Translation
Bruno Ferreira  - Portuguese (Portugal)=20
Translation
Gustavo Felisberto  - Portuguese (Portugal)=20
Translation
Jos?? Costa  - Portuguese (Portugal) Translation
Luis Medina  - Portuguese (Portugal) Translation
Ricardo Loureiro  - Portuguese (Portugal) Translation
Aleksandr Martyncev  - Russian Translator
Sergey Galkin  - Russian Translator
Sergey Kuleshov  - Russian Translator
Alex Spirin  - Russian Translator
Denis Zaletov  - Russian Translator
Lanark  - Spanish Translation
Fernando J. Pereda  - Spanish Translation
Lluis Peinado Cifuentes  - Spanish Translation
Zephryn Xirdal T  - Spanish Translation
Guillermo Juarez  - Spanish Translation
Jes??s Garc??a Crespo  - Spanish Translation
Carlos Castillo  - Spanish Translation
Julio Castillo  - Spanish Translation
Sergio G??mez  - Spanish Translation
Aycan Irican  - Turkish Translation
Bugra Cakir  - Turkish Translation
Cagil Seker  - Turkish Translation
Emre Kazdagli  - Turkish Translation
Evrim Ulu  - Turkish Translation
Gursel Kaynak  - Turkish Translation

--OXfL5xGRrasGEqWY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA2C869QP4LZPv56cRApvGAJ9uEN+u2PmbTgMvrQyS6wW2THhYMACgj4tx
0NHrmWbOky0GvViemFQWsTg=
=23y/
-----END PGP SIGNATURE-----

--OXfL5xGRrasGEqWY--

Full Story