Linux Today: Linux News On Internet Time.

Debian Weekly News for November 22nd, 2000

Nov 24, 2000, 15:16 (0 Talkback[s])
(Other stories by Joey Hess)

Date: Wed, 22 Nov 2000 22:38:23 -0800
From: Joey Hess joeyh@debian.org
To: debian-news@lists.debian.org
Subject: Debian Weekly News - November 22nd, 2000

Debian Weekly News
Debian Weekly News - November 22nd, 2000

Welcome to Debian Weekly News, a newsletter for the Debian community.

A raft of recent security fixes include fixes for a local [1]cron exploit, a [2]serious hole in ssh, a [3]local root exploit in modutils (Debian is vulnerable after all), [4]a bug in mc that allows anyone to overwrite the first byte of any file, [5]a buffer overflow in ncurses that can be exploited via [6]suid binaries in xmcd, a [7]symlink attack using joe's DEADJOE files and a [8]similar problem in elvis-tiny, a remote exploit that can [9]crash tcpdump, a similar [10]buffer overflow in ethereal, and an [11]updated cupsys package that doesn't default to letting anyone in the world access the printer. More security fixes continue to come in as DWN goes to press. This has been the busiest week for the security team in recent memory, and they've certainly done a good job.

Debian 2.2r2 will probably be released by this weekend. Anthony Towns and Ben Collins argued about this, with Anthony wanting [12]get r2 out within the promised time frame to fix the problems in r1, while Ben prefers to [13]wait a week or two for testing, even more pending security fixes, and to let the porters catch up so we do not "make another point release, with known issues". Anthony rejected this plan, stating that "it'll be out around the 24th, US holiday or not". This is a tough call -- more security holes will surely be found soon after we release -- but it's the kind of tough call that Anthony as release manager has to make, even if his decision is not popular.

One of this week's more interesting threads concerns women in Debian. [14]The thread touches on many subjects: the number of female developers (a few, with more in the queue), why there are so relatively few women in Debian and the free software world in general (is Debian "the epitome of the all guys testosterone engineering
groups?), and lots of general discussion not specific to Debian. It's clearly an interesting topic, but we should pay heed to An Thi-Nguyen Le when she [15]points out, "We're all just dudes who happen to work on Debian."

The [16]Debian Jr. project is [17]collecting ideas for a logo. The project also has a dedicated irc channel now, #debian-jr on irc.debian.org.

[18]debianHELP is the latest new Debian website. Their purpose is to "provide some in-depth, non-geek explanations about the common problems that people run into", and the site is taking off quickly, already full of topics like "What to do when unstable goes bad", "Printing in Debian", "Managing kernel modules", and a fair number of useful tips.

Debian won several awards this month. Debian received a [19]reader's choice award for web infrastructure from WebTechniques magazine, and a VA Linux system with Debian pre-loaded received Linux Journal's [20]editor's choice award for best web server. There seems to be a theme here..

1. http://www.debian.org/security/2000/20001118a
2. http://www.debian.org/security/2000/20001118
3. http://www.debian.org/security/2000/20001120
4. http://lists.debian.org/debian-user-0011/msg03289.html
5. http://lists.debian.org/debian-security-announce-00/msg00083.html
6. http://lists.debian.org/debian-security-announce-00/msg00084.html
7. http://www.debian.org/security/2000/20001122
8. http://lists.debian.org/debian-security-announce-00/msg00085.html
9. http://www.debian.org/security/2000/20001120a
10. http://www.debian.org/security/2000/20001122a
11. http://www.debian.org/security/2000/20001119
12. http://lists.debian.org/debian-release-0011/msg00062.html
13. http://lists.debian.org/debian-release-0011/msg00068.html
14. http://lists.debian.org/debian-devel-0011/msg01352.html
15. http://lists.debian.org/debian-devel-0011/msg01363.html
16. http://www.debian.org/devel/debian-jr/
17. http://www.debian.org/devel/debian-jr/News/2000/20001119
18. http://www.debianhelp.org/
19. http://www.webtechniques.com/wtawards/2000/index.shtml
20. http://www2.linuxjournal.com/cgi-bin/frames.pl/index.html

see shy jo