Welcome to Debian Weekly News, a newsletter for the Debian
A raft of recent security fixes include fixes for a local
cron exploit, a serious hole in ssh, a local root exploit
in modutils (Debian is vulnerable after all), a bug in mc that
allows anyone to overwrite the first byte of any file, a buffer
overflow in ncurses that can be exploited via suid binaries in
xmcd, a symlink attack using joe's DEADJOE files and a
similar problem in elvis-tiny, a remote exploit that can
crash tcpdump, a similar buffer overflow in ethereal, and an
updated cupsys package that doesn't default to letting anyone
in the world access the printer. More security fixes continue to
come in as DWN goes to press. This has been the busiest week for
the security team in recent memory, and they've certainly done a
Debian 2.2r2 will probably be released by this weekend. Anthony
Towns and Ben Collins argued about this, with Anthony wanting
get r2 out within the promised time frame to fix the problems
in r1, while Ben prefers to wait a week or two for testing,
even more pending security fixes, and to let the porters catch up
so we do not "make another point release, with known issues".
Anthony rejected this plan, stating that "it'll be out around the
24th, US holiday or not". This is a tough call -- more security
holes will surely be found soon after we release -- but it's the
kind of tough call that Anthony as release manager has to make,
even if his decision is not popular.
One of this week's more interesting threads concerns women in
Debian. The thread touches on many subjects: the number of
female developers (a few, with more in the queue), why there are so
relatively few women in Debian and the free software world in
general (is Debian "the epitome of the all guys testosterone
groups?), and lots of general discussion not specific to Debian.
It's clearly an interesting topic, but we should pay heed to An
Thi-Nguyen Le when she points out, "We're all just dudes who
happen to work on Debian."
The Debian Jr. project is collecting ideas for a logo.
The project also has a dedicated irc channel now, #debian-jr on
debianHELP is the latest new Debian website. Their purpose
is to "provide some in-depth, non-geek explanations about the
common problems that people run into", and the site is taking off
quickly, already full of topics like "What to do when unstable goes
bad", "Printing in Debian", "Managing kernel modules", and a fair
number of useful tips.
Debian won several awards this month. Debian received a
reader's choice award for web infrastructure from WebTechniques
magazine, and a VA Linux system with Debian pre-loaded received
Linux Journal's editor's choice award for best web server.
There seems to be a theme here..