Debian Weekly News - July 3rd, 2007

To: Debian News Channel <debian-news@lists.debian.org>
Subject: Debian Weekly News - July 3rd, 2007
From: Martin Schulze <joey@infodrom.org>
Date: Tue, 3 Jul 2007 22:19:59 +0200 (CEST)
Message-id: <[🔎] 20070703202000.04A5CFEA2@finlandia.home.infodrom.org>
Reply-to: Debian Weekly News <dwn@debian.org>
---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2007/06/
Debian Weekly News - July 3rd, 2007
---------------------------------------------------------------------------

Welcome to this year's 6th issue of DWN, the newsletter for the Debian
community. Ulrich Hansen created a set of nice looking CD and DVD
[1]covers for the just released [2]Debian GNU/Linux 4.0. Roland Mas
[3]announced that [4]Alioth has been upgrade to [5]etch. Kurt
Gramlich [6]announced a Skolelinux Youngster Meeting on July 20th to
26th in Chemnitz, Germany.

 1. http://www.ulrich-hansen.de/etch/
 2. http://www.debian.org/releases/etch/
 3. http://lists.debian.org/debian-devel-announce/2007/05/msg00001.html
 4. http://alioth.debian.org/
 5. http://www.debian.org/releases/etch/
 6. http://lists.debian.org/debian-events-eu/2007/06/msg00015.html

Call for Papers for LVEE-2007. Vlad Shakhov [7]called for papers and
speakers for the upcoming [8]Linux Vacation/Eastern Europe (LVEE)
meeting. The event takes place from June, 14th to 17th near Hrodna,
Belarus. The conference goal is to provide open exchange of ideas and
experience between developers and users, give them ability to establish
personal contacts. Participants and speakers are asked to apply not
later than 1st of June.

 7. http://lists.debian.org/debian-events-eu/2007/04/msg00012.html
 8. http://lvee.org.by/

Interviews with Sam Hocevar. The new Debian project [9]leader was
interviewed by [10]itwire and [11]linux.com. Sam expressed that he
wants to focus on social aspects like improving the internal
communication, teamwork and motivating Ubuntu developers to contribute
to Debian. About the GPLv3 discussion he said that most GPLv2 software
in Debian is already GPLv3 compatible and that using the GPLv3 in
Debian would cause even more license incompatibilities.

 9. http://www.debian.org/devel/leader
 10. http://www.itwire.com.au/content/view/11654/1090/
 11. http://www.linux.com/article.pl?sid=07%2F04%2F26%2F1520212

Collection of Debian Art. André Luiz Rodrigues Ferreira [12]announced
the [13]Debian Art website. It aims to create an archive for high
quality artwork like wallpaper, splash screens, icons, logos,
screenshots or system sounds which can be freely used for KDE, GNOME,
Xfce or t-shirts and labels. This user contributed artwork can be
included in upcoming Debian releases.

 12. http://lists.debian.org/debian-devel/2007/05/msg00275.html
 13. http://www.debianart.org/

Removing PHP4. Sean Finney [14]announced that PHP4 will be removed from
[15]unstable and thus [16]testing. Sean has setup a Wiki [17]page to
give detailed information for packages depending on PHP4 and to track
the progress. He asked the respective maintainers to fix their packages
to avoid mass bug filing.

 14. http://lists.debian.org/debian-devel/2007/05/msg00126.html
 15. http://www.debian.org/releases/sid/
 16. http://www.debian.org/releases/testing/
 17. http://wiki.debian.org/PHP4Removal

Release Team Meeting Results. Andreas Barth [18]summarised the release
team meeting that took place in Jülich, Germany. A review of the
[19]etch release process lead to simplifying the use of release
[20]goals for the upcoming release of [21]lenny. Architecture
qualification status notes are due to be published every two months and
release updates should be sent out more regularly. The report also
contains a rough release schedule which aims at the next release in the
second half of 2008.

 18. http://lists.debian.org/debian-devel-announce/2007/06/msg00005.html
 19. http://www.debian.org/releases/etch/
 20. http://release.debian.org/lenny-goals.txt
 21. http://www.debian.org/releases/lenny/

Boosting the Release Team. Luk Claes [22]called for new release
assistants for the lenny release cycle in order to distribute the
workload better among them. Assistants need to have done Quality
Assurance for Debian already, have loads of spare time to use for
release work, have a good understanding of several scripting languages
and acknowledge that they will be doing merely basic work without
authority over the release.

 22. http://lists.debian.org/debian-devel-announce/2007/06/msg00007.html

Serious Problem Reminder. Lucas Nussbaum [23]announced that he's going
to send mails to maintainers of packages with serious problems once a
month. When a release-critical bug is open for more than 30 days, or
when the package has not yet migrated into testing the maintainer will
be informed about the problems.

 23. http://lists.debian.org/debian-devel/2007/06/msg01063.html

FrOSCon Debian Sub-Conference. Martin Zobel-Helas [24]called for papers
for a Debian sub-conference at this years' [25]FrOSCon that takes place
on August 25th and 26th in St. Augustin, Germany. In addition to the
developer room the project will also [26]run a booth in the exhibition
area.

 24. http://lists.debian.org/debian-events-eu/2007/06/msg00019.html
 25. http://www.froscon.org/
 26. http://lists.debian.org/debian-events-eu/2007/06/msg00006.html

Format String Vulnerabilities in Debian. Karl Chen and David Wagner
will present an [27]analysis on format string vulnerabilities in the
[28]sarge distribution for the ACM SIGPLAN Workshop on [29]Programming
Languages and Analysis for Security that takes place on June 14th in
San Diego, U.S.A. Tools have marked more than 1,500 packages
potentially insecure of which 87 were determined with true format
string bugs.

 27. http://www.cs.berkeley.edu/~daw/papers/fmtstr-plas07.pdf
 28. http://www.debian.org/releases/sarge/
 29. http://www.cs.umd.edu/~mwh/PLAS07/

Backports for Debian Etch. Alexander Wirt [30]announced the
availability of [31]backports for etch. Backported packages should be
available in the testing distribution, contain new and important
features and there has to be user demand for them. Backports for
[32]sarge are still supported and may need to be removed before the
system is upgraded to etch.

 30. http://lists.backports.org/lurker-bpo/message/20070419.092600.5007052f.en.html
 31. http://www.backports.org/
 32. http://www.debian.org/releases/sarge/

Transition to GCC 4.2. Martin Michlmayr [33]called for developers
interested in helping with the transition to GCC 4.2 by uploading
packages and inspecting build failures. Throughout the development of
GCC 4.2, the entire Debian archive has been recompiled regularly with
development snapshots of GCC to ensure a reliable compiler.

 33. http://lists.debian.org/debian-devel-announce/2007/06/msg00008.html

Package Build Status. Sergei Golovan [34]wondered about the meaning of
state "uploaded". Goswin von Brederlow [35]explained that it means the
[36]build daemon has received a signed changes file and has uploaded
the package into the incoming queue. When this status does not change
for a while something went wrong. The buildd admin has to upload the
package again or return it for a rebuild.

 34. http://lists.debian.org/debian-devel/2007/06/msg01266.html
 35. http://lists.debian.org/debian-devel/2007/07/msg00015.html
 36. http://www.debian.org/devel/buildd/

Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.

 * DSA 1280: [37]aircrack-ng -- Arbitrary code execution.
 * DSA 1281: [38]clamav -- Several vulnerabilities.
 * DSA 1282: [39]PHP4 -- Several vulnerabilities.
 * DSA 1283: [40]PHP5 -- Several vulnerabilities.
 * DSA 1284: [41]qemu -- Several vulnerabilities.
 * DSA 1285: [42]wordpress -- Several vulnerabilities.
 * DSA 1286: [43]Linux 2.6.18 -- Several vulnerabilities.
 * DSA 1287: [44]ldap-account-manager -- Arbitrary Several
   vulnerabilities.
 * DSA 1288: [45]pptpd -- Denial of service.
 * DSA 1289: [46]Linux 2.6.18 -- Several vulnerabilities.
 * DSA 1290: [47]squirrelmail -- Cross-site scripting.
 * DSA 1291: [48]samba -- Several vulnerabilities.
 * DSA 1292: [49]qt4-x11 -- Cross-site scripting.
 * DSA 1293: [50]quagga -- Denial of service.
 * DSA 1294: [51]XFree86 -- Several vulnerabilities.
 * DSA 1295: [52]PHP5 -- Several vulnerabilities.
 * DSA 1296: [53]PHP4 -- Privilege escalation.
 * DSA 1297: [54]gforge-plugin-scmcvs -- Arbitrary shell command
   execution.
 * DSA 1298: [55]otrs2 -- Cross-site scripting.
 * DSA 1299: [56]ipsec-tools -- Denial of service.
 * DSA 1300: [57]iceape -- Several vulnerabilities.
 * DSA 1301: [58]GIMP -- Arbitrary code execution.
 * DSA 1302: [59]freetype -- Arbitrary code execution.
 * DSA 1303: [60]lighttpd -- Denial of service.
 * DSA 1304: [61]Linux 2.6.8 -- Several vulnerabilities.
 * DSA 1305: [62]icedove -- Several vulnerabilities.
 * DSA 1306: [63]xulrunner -- Several vulnerabilities.
 * DSA 1307: [64]OpenOffice.org -- Arbitrary code execution.
 * DSA 1308: [65]iceweasel -- Several vulnerabilities.
 * DSA 1309: [66]PostgreSQL 8.1 -- Privilege escalation.
 * DSA 1310: [67]libexif -- Denial of service.
 * DSA 1311: [68]PostgreSQL 7.4 -- Privilege escalation.
 * DSA 1312: [69]libapache-mod-jk -- Information disclosure.
 * DSA 1313: [70]mplayer -- Arbitrary code execution.
 * DSA 1314: [71]open-iscsi -- Several vulnerabilities.
 * DSA 1315: [72]libphp-phpmailer -- Arbitrary shell command
   execution.
 * DSA 1316: [73]emacs21 -- Denial of service.
 * DSA 1317: [74]tinymux -- Arbitrary code execution.
 * DSA 1318: [75]ekg -- Denial of service.
 * DSA 1319: [76]maradns -- Denial of service.
 * DSA 1320: [77]clamav -- Several vulnerabilities.
 * DSA 1321: [78]evolution-data-server -- Arbitrary code execution.
 * DSA 1322: [79]wireshark -- Denial of service.
 * DSA 1323: [80]krb5 -- Several vulnerabilities.
 * DSA 1324: [81]hiki -- Privilege escalation.
 * DSA 1325: [82]evolution -- Arbitrary code execution.
 * DSA 1326: [83]fireflier-server -- Insecure temporary files.
 * DSA 1327: [84]gsambad -- Insecure temporary files.
 * DSA 1328: [85]unicon-imc2 -- Arbitrary code execution.

 37. http://www.debian.org/security/2007/dsa-1280
 38. http://www.debian.org/security/2007/dsa-1281
 39. http://www.debian.org/security/2007/dsa-1282
 40. http://www.debian.org/security/2007/dsa-1283
 41. http://www.debian.org/security/2007/dsa-1284
 42. http://www.debian.org/security/2007/dsa-1285
 43. http://www.debian.org/security/2007/dsa-1286
 44. http://www.debian.org/security/2007/dsa-1287
 45. http://www.debian.org/security/2007/dsa-1288
 46. http://www.debian.org/security/2007/dsa-1289
 47. http://www.debian.org/security/2007/dsa-1290
 48. http://www.debian.org/security/2007/dsa-1291
 49. http://www.debian.org/security/2007/dsa-1292
 50. http://www.debian.org/security/2007/dsa-1293
 51. http://www.debian.org/security/2007/dsa-1294
 52. http://www.debian.org/security/2007/dsa-1295
 53. http://www.debian.org/security/2007/dsa-1296
 54. http://www.debian.org/security/2007/dsa-1297
 55. http://www.debian.org/security/2007/dsa-1298
 56. http://www.debian.org/security/2007/dsa-1299
 57. http://www.debian.org/security/2007/dsa-1300
 58. http://www.debian.org/security/2007/dsa-1301
 59. http://www.debian.org/security/2007/dsa-1302
 60. http://www.debian.org/security/2007/dsa-1303
 61. http://www.debian.org/security/2007/dsa-1304
 62. http://www.debian.org/security/2007/dsa-1305
 63. http://www.debian.org/security/2007/dsa-1306
 64. http://www.debian.org/security/2007/dsa-1307
 65. http://www.debian.org/security/2007/dsa-1308
 66. http://www.debian.org/security/2007/dsa-1309
 67. http://www.debian.org/security/2007/dsa-1310
 68. http://www.debian.org/security/2007/dsa-1311
 69. http://www.debian.org/security/2007/dsa-1312
 70. http://www.debian.org/security/2007/dsa-1313
 71. http://www.debian.org/security/2007/dsa-1314
 72. http://www.debian.org/security/2007/dsa-1315
 73. http://www.debian.org/security/2007/dsa-1316
 74. http://www.debian.org/security/2007/dsa-1317
 75. http://www.debian.org/security/2007/dsa-1318
 76. http://www.debian.org/security/2007/dsa-1319
 77. http://www.debian.org/security/2007/dsa-1320
 78. http://www.debian.org/security/2007/dsa-1321
 79. http://www.debian.org/security/2007/dsa-1322
 80. http://www.debian.org/security/2007/dsa-1323
 81. http://www.debian.org/security/2007/dsa-1324
 82. http://www.debian.org/security/2007/dsa-1325
 83. http://www.debian.org/security/2007/dsa-1326
 84. http://www.debian.org/security/2007/dsa-1327
 85. http://www.debian.org/security/2007/dsa-1328

New or Noteworthy Packages. The following packages were added to the
unstable Debian archive [86]recently.

 86. http://packages.debian.org/unstable/newpkg_main

 * [87]apparix -- Console-based bookmark tool for fast file system
   navigation.
 * [88]apt-transport-https -- APT HTTPS transport.
 * [89]bitstormlite -- BitTorrent Client based on C++/GTK+2.0.
 * [90]ctorrent -- BitTorrent Client written in C.
 * [91]ecj -- Standalone version of the Eclipse Java compiler.
 * [92]ept-cache -- Command line tool to search the package archive.
 * [93]fdm -- Fetching, filtering and delivering emails.
 * [94]fische -- Standalone sound visualisation for Linux.
 * [95]gfa -- GTK+ fast address book.
 * [96]giggle -- GTK+ frontend for the git directory tracker.
 * [97]gozerbot -- IRC and Jabber bot written in Python.
 * [98]gpodder -- GTK+ Media aggregator and Podcast catcher.
 * [99]hgsvn -- Scripts to work locally on Subversion checkouts using
   Mercurial.
 * [100]jlgui -- Graphical music player.
 * [101]ksniffer -- Network traffic analyser for KDE.
 * [102]mtpaint -- Painting program to create pixel art and manipulate
   digital photos.
 * [103]mummer -- Efficient sequence alignment of full genomes.
 * [104]ophcrack -- Microsoft Windows password cracker using rainbow
   tables.
 * [105]postpone -- Schedules commands to be executed later.
 * [106]powertop -- Linux tool to find out what is using power on a
   laptop.
 * [107]pybackpack -- User friendly file backup tool for GNOME.
 * [108]qgfe -- Qt based Gnuplot Frontend.
 * [109]qtemu -- Graphical user interface for QEMU.
 * [110]qtiplot -- Data analysis and scientific plotting.
 * [111]qtractor -- MIDI/Audio multi-track sequencer application.
 * [112]renpy -- Framework for developing visual-novel type games.
 * [113]rofs -- Read-Only Filesystem for FUSE.
 * [114]slim -- Desktop-independent graphical login manager for X11.
 * [115]taxbird -- First free Elster client (German Tax Declarations).
 * [116]tripod -- iPod photo uploader.
 * [117]tmw -- Mana World is a great Online Rolegame.
 * [118]wavbreaker -- Tool to split wave files into multiple chunks.
 * [119]xindy -- Index generator for structured documents like LaTeX
   or SGML.

 87. http://packages.debian.org/unstable/utils/apparix
 88. http://packages.debian.org/unstable/admin/apt-transport-https
 89. http://packages.debian.org/unstable/net/bitstormlite
 90. http://packages.debian.org/unstable/net/ctorrent
 91. http://packages.debian.org/unstable/devel/ecj
 92. http://packages.debian.org/unstable/misc/ept-cache
 93. http://packages.debian.org/unstable/mail/fdm
 94. http://packages.debian.org/unstable/sound/fische
 95. http://packages.debian.org/unstable/utils/gfa
 96. http://packages.debian.org/unstable/devel/giggle
 97. http://packages.debian.org/unstable/net/gozerbot
 98. http://packages.debian.org/unstable/x11/gpodder
 99. http://packages.debian.org/unstable/devel/hgsvn
 100. http://packages.debian.org/unstable/sound/jlgui
 101. http://packages.debian.org/unstable/kde/ksniffer
 102. http://packages.debian.org/unstable/graphics/mtpaint
 103. http://packages.debian.org/unstable/science/mummer
 104. http://packages.debian.org/unstable/admin/ophcrack
 105. http://packages.debian.org/unstable/utils/postpone
 106. http://packages.debian.org/unstable/x11/powertop
 107. http://packages.debian.org/unstable/gnome/pybackpack
 108. http://packages.debian.org/unstable/math/qgfe
 109. http://packages.debian.org/unstable/x11/qtemu
 110. http://packages.debian.org/unstable/math/qtiplot
 111. http://packages.debian.org/unstable/sound/qtractor
 112. http://packages.debian.org/unstable/games/renpy
 113. http://packages.debian.org/unstable/utils/rofs
 114. http://packages.debian.org/unstable/x11/slim
 115. http://packages.debian.org/unstable/gnome/taxbird
 116. http://packages.debian.org/unstable/graphics/tripod
 117. http://packages.debian.org/unstable/games/tmw
 118. http://packages.debian.org/unstable/x11/wavbreaker
 119. http://packages.debian.org/unstable/text/xindy

Orphaned Packages. 58 packages were orphaned since the last issue and
require a new maintainer. Below is an excerpt of the entire list. This
makes a total of 409 orphaned packages. Many thanks to the previous
maintainers who contributed to the Free Software community. Please see
the [120]WNPP pages for the full list, and please add a note to the bug
report and retitle it to ITA: if you plan to take over a package. To
find out which orphaned packages are installed on your system the
wnpp-alert program from devscripts may be helpful.

 120. http://www.debian.org/devel/wnpp/

 * [121]airsnort -- WLAN sniffer. ([122]Bug#429507)
 * [123]cfourcc -- Command line tool for changing FourCC in Microsoft
   RIFF AVI files. ([124]Bug#425242)
 * [125]datefudge -- Fake the system date. ([126]Bug#429467)
 * [127]divxcomp -- Bitrate calculator for DivX:-) movies written in
   perl. ([128]Bug#424713)
 * [129]dvi2tty -- Previewing dvi-files on text-only devices.
   ([130]Bug#430129)
 * [131]ecawave -- Graphical audio file editor. ([132]Bug#431141)
 * [133]fblogo -- Converts images to framebuffer-logo header file.
   ([134]Bug#427139)
 * [135]flyspray -- Lightweight Bug Tracking System (BTS) in PHP.
   ([136]Bug#428366)
 * [137]gscanbus -- Scan IEEE1394 (firewire/i.link) bus.
   ([138]Bug#429559)
 * [139]kforth -- Small Forth Interpreter Written in C++.
   ([140]Bug#429469)
 * [141]labrea -- "Sticky" honeypot and IDS. ([142]Bug#424715)
 * [143]libc-scan-perl -- Scan C language files for easily recognised
   constructs. ([144]Bug#430977)
 * [145]medussa -- Distributed password cracking system.
   ([146]Bug#424716)
 * [147]metacam -- Extract EXIF information from digital camera files.
   ([148]Bug#425241)
 * [149]outguess -- Universal Steganographic tool. ([150]Bug#424718)
 * [151]pmidi -- Command line MIDI player for ALSA. ([152]Bug#429755)
 * [153]procmail-lib -- Library of useful procmail recipes.
   ([154]Bug#430981)
 * [155]stegdetect -- Detect and extract steganography messages inside
   JPEG. ([156]Bug#424720)
 * [157]tcpick -- TCP stream sniffer and connection tracker.
   ([158]Bug#430030)
 * [159]wmcalc -- Dockable calculator application. ([160]Bug#427132)

 121. http://packages.debian.org/unstable/net/airsnort
 122. http://bugs.debian.org/429507
 123. http://packages.debian.org/unstable/graphics/cfourcc
 124. http://bugs.debian.org/425242
 125. http://packages.debian.org/unstable/devel/datefudge
 126. http://bugs.debian.org/429467
 127. http://packages.debian.org/unstable/utils/divxcomp
 128. http://bugs.debian.org/424713
 129. http://packages.debian.org/unstable/tex/dvi2tty
 130. http://bugs.debian.org/430129
 131. http://packages.debian.org/unstable/sound/ecawave
 132. http://bugs.debian.org/431141
 133. http://packages.debian.org/unstable/devel/fblogo
 134. http://bugs.debian.org/427139
 135. http://packages.debian.org/unstable/web/flyspray
 136. http://bugs.debian.org/428366
 137. http://packages.debian.org/unstable/utils/gscanbus
 138. http://bugs.debian.org/429559
 139. http://packages.debian.org/unstable/interpreters/kforth
 140. http://bugs.debian.org/429469
 141. http://packages.debian.org/unstable/net/labrea
 142. http://bugs.debian.org/424715
 143. http://packages.debian.org/unstable/perl/libc-scan-perl
 144. http://bugs.debian.org/430977
 145. http://packages.debian.org/unstable/admin/medussa
 146. http://bugs.debian.org/424716
 147. http://packages.debian.org/unstable/graphics/metacam
 148. http://bugs.debian.org/425241
 149. http://packages.debian.org/unstable/utils/outguess
 150. http://bugs.debian.org/424718
 151. http://packages.debian.org/unstable/sound/pmidi
 152. http://bugs.debian.org/429755
 153. http://packages.debian.org/unstable/mail/procmail-lib
 154. http://bugs.debian.org/430981
 155. http://packages.debian.org/unstable/utils/stegdetect
 156. http://bugs.debian.org/424720
 157. http://packages.debian.org/unstable/net/tcpick
 158. http://bugs.debian.org/430030
 159. http://packages.debian.org/unstable/x11/wmcalc
 160. http://bugs.debian.org/427132

Want to continue reading DWN? Please help us create this newsletter. We
still need more volunteer writers who watch the Debian community and
report about what is going on. Please see the [161]contributing page to
find out how to help. We're looking forward to receiving your mail at
[162]dwn@debian.org.

 161. http://www.debian.org/News/weekly/contributing
 162. mailto:dwn@debian.org

This issue of Debian Weekly News was edited by Sebastian Feltel,
Thomas Bliesener, Y Giridhar Appaji Nag and Martin 'Joey' Schulze.
Reply to:
Prev by Date: Debian Weekly News - April 24th, 2007
Previous by thread: Debian Weekly News - April 24th, 2007
Index(es):
- Date
- Thread