The kernel team is open to backporting some features from later kernel
versions, particularly to support newer hardware.

Featuresets
———–

The only featureset provided will be ‘rt’ (realtime), currently built
for amd64 only. If there is interest in realtime support for other
architectures, we may be able to add that. However, we do need to
consider the total time taken to build binary packages for each
architecture.

If there are particular container features that should be enabled or
backported to provide a useful replacement for OpenVZ or VServer,
please let us know. We cannot promise that these will all be enabled
but we need to know what is missing.

Compatibility
————-

If you maintain a package for which the current stable version is not
compatible with Linux 3.2, excluding kernel module packages, please
consider making a stable update that fixes this.

If you maintain a kernel module package, please ensure that this is
compatible with Linux 3.2 in time for the freeze. Any modules that
are not compatible will not be included in the release. I recently
tested building all the module packages I could find against Linux 3.1
and have filed bugs against those that failed to build; however I have
not tested against Linux 3.2 and would prefer that the respective
maintainers did so.

We intend to switch to 2-component upstream version numbers in the
kernel version string, e.g. 3.3-1-amd64. This change has been
deferred until after wheezy to avoid incompatibility with packages in
squeeze that assume 3-component version numbers. If your package uses
uname(1) or uname(2) please ensure that it is prepared for this *in
wheezy* so that we can make the change immediately after.

Upstream support
—————-

Debian, Ubuntu and others will work upstream on a 3.2.y longterm
series of bug fixes.

Ben.

– Ben Hutchings We get into the habit of living before acquiring the habit of thinking. – Albert Camus

Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.

Those who frequently install updates from security.debian.org won’t
have to update many packages and most updates from security.debian.org
are included in this update.

New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.

Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian’s many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:

http://www.debian.org/mirror/list

Miscellaneous Bugfixes
———————-
This stable update adds a few important corrections to the following
packages:

Package Reason

adolc Remove Visual C++ runtime from windows/
directory
backuppc Fix data corruption in tarballs due to
logging to stdout and two XSS issues
base-files Update /etc/debian_version for the
point release
base-installer Add POWER7 to the powerpc64 family
bti Fix identi.ca OAuth URLs
bugzilla Security fixes
byobu Correct postinst chmod semantics
bzip2 Fix CVE-2011-4089
c-ares Fix encoded length for indirect root
cherokee Avoid brute-forceable password in
cherokee-admin
cifs-utils Fix mtab corruption issues
clamav New upstream version; fix potential DoS
clamz Handle unencrypted amz files
cpufrequtils Load powernow-k8 for AMD family 20
(i.e. AMD E-350 cpus); better support
3.0 kernels
debian-installer Stop menu falling off the screen
debian-installer-netboot-images Update to d-i 20110106+squeeze4
dpkg Add armhf to {os,triplet}table; defer
hardlink renames; do not fail to unpack
shared directories missing on the file
system from packages being replaced by
other packages
eglibc New upstream stable release plus fixes
from stable branch
erlang Fix CVE-2011-0766 (cryptographic
weakness) in the erlang ssh application
etherape Null pointer dereferences
gimp Fix printing when used with libcairo
version 1.10 or above
gnutls26 Fix buffer overflow in
gnutls_session_get_data()
hplip Fix insecure use of temporary file
ia32-libs Update packages
ia32-libs-gtk Update packages
ifupdown-extra Handle moved location of ethtool; fix
handling of “rejects” in static-route;
use –tmpdir for temporary files; move
/etc/network/network-routes to
/e/n/routes; documentation updates
iotop Give a helpful error instead of
crashing when Linux denies permission
to read the taskstats files
jabberbot Bind callbacks after the roster has
been initialised
kernel-wedge Add et131x to nic-extra-modules; add
isci to scsi-extra-modules; add
xhci-hcd to usb-modules
killer Use DNS for mail domain rather than
NIS; stop cron job failing when package
is removed
ldap2zone Don’t send mail on success; syslog
instead
libdata-formvalidator-perl Fix possible passing of invalid data in
untaint mode
libdebian-installer Detect IBM pSeries platform as
powerpc/chrp_ibm
libdigest-perl Fix unsafe use of eval in Digest->new()
libhtml-template-pro-perl Fix XSS
libjifty-dbi-perl SQL injection
libmtp Add support for Motorola Xoom devices
libpar-packer-perl Fix use of unsafe and predictable
temporary directories
libpar-perl Fix use of unsafe and predictable
temporary directories
linux-2.6 Fixes for xen regression, GRO/GSO IPv6
forwarding, ppc vserver; add stable
releases 2.6.32.47-54, various fixes;
fix tg3 regression; xen fixes
linux-kernel-di-amd64-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-armel-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-i386-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-ia64-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-mips-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-mipsel-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-powerpc-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-s390-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
linux-kernel-di-sparc-2.6 Rebuild against linux-2.6 kernel
2.6.32-41
masqmail Fix improper seteuid() calls
mdadm Quieten some cron messages; don’t break
when no scheduling class is specified
or no devices are active; LSB header
updates
mediawiki Fix unintended exposure of hidden
content through cache pollution;
disable CVE-2011-4360.patch; doesn’t
apply to this version and causes errors
module-init-tools Support 3.0 kernels
multipath-tools Change HP hardware handler to hp_sw;
update man pages
mutt Fix validation of commonname (gnutls)
nfs-utils Allow negotiated enctypes to be limited;
avoid corrupting mtab
nginx Fix compression pointer processing in
DNS response greater than 255 bytes
nss-pam-ldapd Correctly parse /etc/nsswitch.conf,
detect calling process identity and fix
disconnect logic
partman-target Stop treating ISO hybrid images on USB
sticks as real optical drives
pastebinit Fix support for user configuration
files
pbuilder Rename the /run script from –execute
to /runscript, for compatibility with
wheezy and later which have /run as a
directory replacing /var/run
perl Unregister signal handler before
destroying my_perl; fixes segfault;
minor security fixes
phppgadmin Fix XSS
pidgin Fix remote crash issues
postgresql-8.4 New upstream micro-release
pure-ftpd Fix man in the middle attack on
encrypted sessions
python-debian Allow “:” as the first character of a
value
python3-defaults Ignore binary files while checking
shebangs
qemu-kvm Fix NIC hotplug from libvirt
quassel Fix missing translations
recoll Plug conversion descriptor leak in
unac.c::convert() error path
rng-tools Work around VIA Nano xstore bug; add
3.0 kernel support
rpm Fix malformed header parsing
samba Allow using unencrypted passwords with
Windows clients with KB2536276
installed
shorewall Install missing
/usr/share/shorewall/helpers
shorewall-lite Install missing
/usr/share/shorewall/helpers
shorewall6 Install missing
/usr/share/shorewall/helpers
shorewall6-lite Install missing
/usr/share/shorewall/helpers
slbackup Fix path to configuration file in the
cron job
slbackup-php Fix login issues, deal with blanks in
filenames, fix last failed timestamp
tinyproxy Validate port number specified in
configuration
tzdata New upstream version; add DST for
America/Bahia
user-mode-linux Rebuild against linux-source-2.6.32
(2.6.32-41)
webkit Avoid doing lots of needless NULL DNS
lookups
whatsnewfm Handle renaming of freshmeat
to freshcode
xorg-server GLX: add missing input sanitization;
fix a file disclosure vulnerability and
a file permission change vulnerability
xpdf Fix insecure temporary file usage

Security Updates
—————-
This revision adds the following security updates to the stable
release. The Security Team has already released an advisory for each of
these updates:

Advisory ID Package Correction(s)

DSA-2181 subversion Denial of service
DSA-2251 subversion Multiple issues
DSA-2283 krb5-appl Programming error
DSA-2284 opensaml2 Implementation error
DSA-2301 rails Multiple issues
DSA-2311 openjdk-6 Multiple issues
DSA-2315 openoffice.org Multiple issues
DSA-2318 cyrus-imapd-2.2 Multiple issues
DSA-2322 bugzilla Multiple issues
DSA-2323 radvd Multiple issues
DSA-2324 wireshark Programming error
DSA-2325 kfreebsd-8 Privilege escalation/denial
of service
DSA-2326 pam Multiple issues
DSA-2327 libfcgi-perl Authentication bypass
DSA-2328 freetype Missing input sanitising
DSA-2329 torque Buffer overflow
DSA-2330 simplesamlphp Multiple issues
DSA-2331 tor Multiple issues
DSA-2332 python-django Multiple issues
DSA-2333 phpldapadmin Multiple issues
DSA-2334 mahara Multiple issues
DSA-2335 man2html Missing input sanitization
DSA-2337 xen Multiple issues
DSA-2338 moodle Multiple issues
DSA-2339 nss Multiple issues
DSA-2340 postgresql-8.4 Weak password hashing
DSA-2341 iceweasel Multiple issues
DSA-2342 iceape Multiple issues
DSA-2343 openssl CA trust revocation
DSA-2344 python-django-piston Deserialization vulnerability
DSA-2345 icedove Multiple issues
DSA-2346 proftpd-dfsg Multiple issues
DSA-2347 bind9 Improper assert
DSA-2348 systemtap Multiple issues
DSA-2349 spip Multiple issues
DSA-2350 freetype Missing input sanitising
DSA-2351 wireshark Buffer overflow
DSA-2353 ldns Buffer overflow
DSA-2354 cups Multiple issues
DSA-2355 clearsilver Format string vulnerability
DSA-2356 openjdk-6 Multiple issues
DSA-2357 evince Multiple issues
DSA-2361 chasen Buffer overflow
DSA-2362 acpid Multiple issues
DSA-2363 tor Buffer overflow
DSA-2364 xorg Incorrect permission check
DSA-2366 mediawiki Multiple issues
DSA-2367 asterisk Multiple issues
DSA-2368 lighttpd Multiple issues
DSA-2369 libsoup2.4 Directory traversal
DSA-2370 unbound Multiple issues
DSA-2371 jasper Buffer overflows
DSA-2372 heimdal Buffer overflow
DSA-2373 inetutils Buffer overflow
DSA-2374 openswan Implementation error
DSA-2375 krb5-appl Buffer overflow
DSA-2376 ipmitool Insecure pid file
DSA-2377 cyrus-imapd-2.2 Denial of service
DSA-2378 ffmpeg Multiple issues
DSA-2379 krb5 Multiple issues
DSA-2380 foomatic-filters Shell command injection
DSA-2381 squid3 Invalid memory deallocation
DSA-2382 ecryptfs-utils Multiple issues
DSA-2383 super Buffer overflow
DSA-2384 cacti Multiple issues
DSA-2385 pdns Packet loop
DSA-2386 openttd Multiple issues
DSA-2387 simplesamlphp Cross site scripting
DSA-2388 t1lib Multiple issues
DSA-2390 openssl Multiple issues
DSA-2391 phpmyadmin Multiple issues
DSA-2392 openssl Out-of-bounds read
DSA-2393 bip Buffer overflow

Debian Installer
—————-
The installer has been updated with this point release to add support
for installing on POWER7 machines and to adjust the dimensions of the
initial boot menu to avoid issues with some screens.

The kernel used by the installer has been updated to include various
security fixes and to add support for Agere ET-1310-based network cards
(et131x driver), Intel C600-series SAS/SATA controllers (isci driver)
and USB 3.0 controllers (xhci driver).

Removed packages
—————-
The following packages were removed due to circumstances beyond our
control:

Package Reason
partlibrary Non-distributable
cad Non-distributable

URLs
—-
The complete lists of packages that have changed with this revision:

http://ftp.debian.org/debian/dists/squeeze/ChangeLog

The current stable distribution:

http://ftp.debian.org/debian/dists/stable/

Proposed updates to the stable distribution:

http://ftp.debian.org/debian/dists/proposed-updates

Stable distribution information (release notes, errata etc.):

http://www.debian.org/releases/stable/

Security announcements and information:

http://security.debian.org/

About Debian
————
The Debian Project is an association of Free Software developers who
volunteer their time and effort in order to produce the completely free
operating system Debian.

Contact Information
——————-
For further information, please visit the Debian web pages at
http://www.debian.org/, send mail to , or contact the
stable release team at .

The principle of a BSP is to gather Debian contributors to tackle a
maximum of bugs in the Debian distribution.

This event is also the opportunity for new potential contributors to
meet Debian Developers or Maintainers. Numerous regular contributors
will attend to this BSP and will help newcomers to fix their first bugs.

For organization reasons, an inscription on the Debian wiki is
mandatory.

More information:
* http://wiki.debian.org/BSP/2012/02/fr/Paris
* http://www.irill.org/events/debian-bug-squashing-party-wheezy
* http://www.irill.org/about/access

Regards,
Sylvestre

Running piuparts.debian.org is still maintainance hungry, but the last months
have seen lots of patches and other contributions, including bug filings based
on the tests results, which is awesome! Please keep it coming!

If you have no idea what piuparts is: it’s a tool for testing that .deb
packages can be installed, upgraded, and removed without problems. The testing
results are published on http://piuparts.debian.org daily.

Before telling more news, I have two requests to everybody maintaining
packages in Debian: (and which are kinda news too)

- please check your personal status pages. Every maintainer/uploader
has one (or up to five! One for each distro being tested.) Mine is at

http://piuparts.debian.org/wheezy/maintainer/h/holger@debian.org.html

please go and check yours. Regularily. And fix these issues! And thank you
if you already do this!

- please file bugs, if you see them. If the bug is also detected on
piuparts.debian.org, please usertag it! In short:

User: debian-qa@lists.debian.org
Usertags: piuparts

Verbose instructions, including templates, for filing piuparts bugs are
available:

http://piuparts.debian.org/bug_howto.html

Since December 2011 a new “distro” is being tested: squeeze2wheezy, which means
upgrade tests for individual packages, installed on Squeeze and then upgraded to
Wheezy. After a month of testing this lead to a nice graph which can be seen on:

http://piuparts.debian.org/squeeze2wheezy/

In words: 33708 passed logs, 158 failed, 130 in state dependency-failed-testing.
In wheezy it’s about the same, but only 90 failed, so there are still some
upgrade issues to iron out.

Comparing the overall test results for wheezy and squeez2wheezy with squeeze
and lenny2squeeze is also interesting. And the way forward is to file and fix
bugs, obviously!

There are a lot more packages in failing state for sid. This is because for the
other distros, the test for leaving files behind after purge is ignored to catch
more severe problems. In sid, this is also treated as an important failure,
causing dependent packages not to be tested.

A goal should be, to have no failed (and thus unfiled) logs for wheezy and
squeeze2wheezy tests on piuparts.debian.org at the time of the wheezy freeze,
aka June 2012! Please help to reach this goal! Either by filing or fixing bugs!

Since DebConf11, piuparts is maintained in git and since then contributing by
providing feature/bugfix branches is the prefered form.

git clone git://git.debian.org/git/piuparts/piuparts.git

This has also lead to new uploads:

- 0.42 has been released on Decemeber 23rd 2011 and reached wheezy a while ago,
containing many improvements from four months of development.
- 0.43 released on January 22nd, 2012, after just a month of development.
In this release /run/.* was added to self.ignored_patterns, bringing the
released version of piuparts back in line with current Debian development.

Finally, there is a new mailinglist, piuparts-reports, which receives mails
from the master/slave setup running on piatti.debian.org, thus making it
possible to follow, debug and improve this service more easily:

http://lists.alioth.debian.org/mailman/listinfo/piuparts-reports

Please check the file TODO in the sources for plans for further changes coming
hopefully soon! And thanks for reading this far and for improving Debians
quality further!

cheers,
Holger

Topics covered in this issue include:

* Debian ahead on web servers
* Dummy web server in Debian?
* Aptitude strikes back
* About donations to Debian
* Armhf status in Debian
* IGMP denial of service in Linux
* Interviews
* Other news
* Upcoming events
* New Debian Contributors
* Release-Critical bug statistics for the upcoming release
* Status of Debian Installer localisation
* Important Debian Security Advisories
* New and noteworthy packages
* Work-needing packages
* Want to continue reading DPN?

Debian ahead on web servers
—————————

According to a recent W3Techs survey [1], Debian has just surpassed CentOS to
become the most popular GNU/Linux distribution on web servers. The survey is
based on the analysis of the top million web sites according to Alexa, in order
to select a representative sample of established sites, and focused only on the
technologies used for web sites (and not individual web pages or desktop
installations). In fact, at the beginning of 2012, Debian was used by 29.4% of
all Linux-based sites (and by 9.7% of all web sites), while CentOS was used by
29.1% of all Linux-based sites (and by 9.5% of all web sites). Debian “is also
the fastest growing operating system at the moment: every day 54 of the top 1
million sites switch to Debian” , said Matthias Gelbmann in the article. With
regard to the geographical distribution of web sites using Debian, the most are
in Europe (with 39.7% of all sites in Germany, 36.1% in Poland, 33.6% in France
and 26.4% in Russia).

1 : http://w3techs.com/blog/entry/debian_is_now_the_most_popular_linux_distribution_on_web_servers

Dummy web server in Debian?
—————————

Thomas Goirand recently proposed to relax or even remove some dependencies [2]
of web applications on a web server package. This would help users wanting to
install such web applications in chroots, while the web server is installed
only outside the chroot. During the following discussion, several solutions
were proposed, such as providing a dummy web server package in Debian. It was
pointed out that such dummy packages are actually very easy to create with the
equivs [3] package, which deserves to be better known.

2 : http://lists.debian.org/debian-devel/2012/01/msg00148.html
3 : http://packages.debian.org/equivs

Aptitude strikes back
———————

Christian Perrier blogged about the recent revival of the aptitude package
manager [4]. As the main maintainer had less time to dedicate to it, the number
of bugs against aptitude was continually growing and reached more than 800. But
last November, Daniel Harwig and Manuel A. Fernandez Montecelo started working
on it, triaging bugs and preparing a possible new version. If you want to help
them, join the aptitude-devel [5] mailing list on Alioth.

4 : http://www.perrier.eu.org/weblog/2012/01/14#aptitude-revival
5 : http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel

About donations to Debian
————————-

Stefano Zacchiroli blogged about how donations to Debian are used by the
project [6]. First of all, Stefano explained how money is used in the Debian
Project: to buy hardware and hardware-related services for Debian
infrastructure, to sponsor contributor sprints, or to support travel expenses
in order to allow Debian Developers to represent Debian at conferences and
meetings. Then, Stefano noted that almost all donations to Debian come from
private citizens and not from big corporate sponsors: corporates mostly sponsor
DebConf (the Debian annual conference). At the end, Stefano pointed out that
it’s possible to check how Debian spends donated money: by reading the minutes
of SPI monthly meetings [7] or the list of sprints [8], visiting the DPL wiki
page [9] and consulting the DebConf reports [10]. Stefano also added that over
the next month he will be working to further improve the transparency of
Debian’s budget.

6 : http://upsilon.cc/~zack/blog/posts/2012/01/debian_donations-fu/
7 : http://www.spi-inc.org/meetings/minutes/
8 : http://wiki.debian.org/Sprints
9 : http://wiki.debian.org/Teams/DPL
10 : http://media.debconf.org/

On the subject of Debian’s usage of money, Yves-Alexis Perez proposed to
advocate hardware sponsoring [11]. Since asking for money for oneself is not
always the first reflex, he proposed to turn the offer the other way around: if
you believe that a Debian Developer could use some money for hardware purposes,
you should raise your voice and propose it yourself, in case the developer was
too shy to ask, for example.

11 : http://www.corsac.net/?rub=blog&post=1541

Armhf status in Debian
———————-

Steve McIntyre blogged about the status of the armhf port in Debian [12]. Since
mid-2011, he has been working on armhf as a new architecture in “debian-ports”
; then in December it was imported into the main Debian archive. The current
state of auto-building can be viewed at thearmhf buildd status page [13].

12 : http://blog.einval.com/2012/01/09
13 : https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid

IGMP denial of service in Linux
——————————-

Ben Hutchings wrote an interesting report on a security issue in Linux [14]
found by himself while working on bug #654876 [15]. As his laptop running Linux
3.0 or 3.1 crashed repeatedly, Simon McVittie — the bug submitter —
thought it could be a driver bug. But, analysing the log of the crash, Ben
noted that “a packet received through the wireless interface was being
processed by IGMP, which then divided by zero.” IGMP packets are used to
support multicast routers: as Ben explained, “every multicast address
corresponds to a dynamic set of hosts, called a multicast group” . In order to
know which hosts belong to which groups, the router sends packets and the
computer replies at intervals. There are three different versions of the IGMP
protocol used to define the Maximum Response Time (MRT) of the computer. Ben
found that the crash was caused by a division by 0 of packets with an MRT of 0.
The patch is included in Linux 3.0.17, 3.1.9, 3.2.1, and the Debian packaged
version 3.1.8-2. Well done, Ben!

14 : http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html
15 : http://bugs.debian.org/654876

Interviews
———-

There has been one
“People behind Debian” interview: withSteve McIntyre [16] (Debian CD
maintainer and former Debian Project Leader).

16 : http://raphaelhertzog.com/2012/01/13/people-behind-debian-steve-mcintyre-debian-cd-maintainer-former-debian-project-leader/

Other news
———-

Gerfried Fuchs wrote an interesting article about a Release Critical
bug-squashing effort for Stable [17]. Stable RC bugs are often not noted, as
people usually concentrate on Unstable RC bugs, but – as Gerfried noted – “it
is one of our supported releases and thus should receive quite some attention,
at least by the corresponding package maintainers themself.”

17 : http://rhonda.deb.at/blog/2012/01/19

Enrico Zini announced that the Debtags web site also works for derivative
distributions [18]: the site now shows packages from Ubuntu too, and can be
extended to all Debian derivatives.

18 : http://www.enricozini.org/2012/debian/debtags-for-derivatives/

Upcoming events
—————

There are several upcoming Debian-related events:

* February 1, irc.freenode.org, #ubuntu-classroom, — [19] “Working with
Debian” , an online workshop by Ian Laine and Stefano Rivera
* February 4-5, Brussels, BE — Debian booth and several Debian-related talks
atFree and Open Source Developers’ European Meeting (FOSDEM) [20]
* February 17-19, Paris, FR —Debian Bug Squashing Party [21]

You can find more information about Debian-related events and talks on the
events section [22] of the Debian web site, or subscribe to one of our events
mailing lists for different regions: Europe [23], Netherlands [24], Hispanic
America [25], North America [26].

19 : https://wiki.ubuntu.com/UbuntuDeveloperWeek/Timetable
20 : http://www.debian.org/News/2012/20120120
21 : http://wiki.debian.org/BSP2012/Paris
22 : http://www.debian.org/events
23 : http://lists.debian.org/debian-events-eu
24 : http://lists.debian.org/debian-events-nl
25 : http://lists.debian.org/debian-events-ha
26 : http://lists.debian.org/debian-events-na

Do you want to organise a Debian booth or a Debian install party? Are you aware
of other upcoming Debian-related events? Have you delivered a Debian talk that
you want to link to on our talks page [27]? Send an email to the Debian Events
Team [28].

27 : http://www.debian.org/events/talks
28 : mailto:events@debian.org

New Debian Contributors
———————–

Eight applicants have been accepted [29]
as Debian Developers, one applicant has been accepted [30]
as Debian Maintainer, and fourteen people have started to maintain
packages [31] since the previous issue of the Debian
Project News. Please welcome Intrigeri, Ryan Kavanagh, Daisuke Higuchi,
Tanguy Ortolo, Angel Abad, Harshula Jayasuriya, Loong Jin Chow, Iulian Udrea,
Mahyuddin Susanto, Jean-Michel Vourgère, Andrei Zavada, Dean Evans, Zbigniew
Jędrzejewski-Szmek, Kay Hayen, Olivier Aubert, Hendrik Tews, Leonardo Robol,
Dmitry Smirnov, J. Félix Ontañón, Benedict Verhegghe, Tobias Frost,
Christoph Reiter and Chris Coulson
into our project!

29 : https://nm.debian.org/nmlist.php#newmaint
30 : http://lists.debian.org/debian-project/2011/12/msg00061.html
31 : http://udd.debian.org/cgi-bin/new-maintainers.cgi

Release-Critical bug statistics for the upcoming release
——————————————————–

According to the Bugs Search interface of the Ultimate Debian Database
[32], the upcoming release,
Debian 7.0 “Wheezy” , is currently affected by 736 Release-Critical
bugs. Ignoring bugs which are easily solved or on the way to being solved,
roughly speaking, about 495 Release-Critical bugs remain to be solved for the
release to happen.

32 : http://udd.debian.org/bugs.cgi

There are also more detailed statistics [33] as well as some hints on
how to interpret [34] these numbers.

33 : http://blog.schmehl.info/Debian/rc-stats/7.0-wheezy/2012-03
34 : http://wiki.debian.org/ProjectNews/RC-Stats

Status of Debian Installer localisation
—————————————

In his last report on Debian Installer localisation [35], Christian Perrier
noted that twenty-two languages are currently up to date for D-I’s core files;
ten (Czech, German, Spanish, French, Italian, Kazakh, Dutch, Portuguese,
Russian and Slovak) are 100% complete for the moment.

35 : http://www.perrier.eu.org/weblog/2012/01/19#di-l10n-update-2012-05

Important Debian Security Advisories
————————————

Debian’s Security Team recently released
advisories for these packages (among others): cacti [36], pdns [37],
openttd [38], simplesamlphp [39], t1lib [40], linux-2.6 [41], openssl [42] and
phpmyadmin [43].
Please read them carefully and take the proper measures.

36 : http://www.debian.org/security/2012/dsa-2384
37 : http://www.debian.org/security/2012/dsa-2385
38 : http://www.debian.org/security/2012/dsa-2386
39 : http://www.debian.org/security/2012/dsa-2387
40 : http://www.debian.org/security/2012/dsa-2388
41 : http://www.debian.org/security/2012/dsa-2389
42 : http://www.debian.org/security/2012/dsa-2390
43 : http://www.debian.org/security/2012/dsa-2391

Debian’s Backports Team released an advisory for the openswan [44]
package.
Please read them carefully and take the proper measures.

44 : http://lists.debian.org/debian-backports-announce/2012/01/msg00000.html

Please note that these are a selection of the more important security
advisories of the last weeks. If you need to be kept up to date about security
advisories released by the Debian Security Team, please subscribe to the
security mailing list [45] (and the separate backports list [46], and stable
updates list [47] or volatile list [48], for “Lenny” , the oldstable
distribution) for announcements.

45 : http://lists.debian.org/debian-security-announce/
46 : http://lists.debian.org/debian-backports-announce/
47 : http://lists.debian.org/debian-stable-announce/
48 : http://lists.debian.org/debian-volatile-announce/

New and noteworthy packages
—————————

587 packages were added to the unstable Debian archive recently. Among many
others [49] are:

49 : http://packages.debian.org/unstable/main/newpkg

* dia-shapes — diagram editor [50]
* freeciv-client-extras — Civilization turn based strategy game (additional
scripts and tools) [51]
* kfreebsd-headers-9.0-1-686 — header files for kernel of FreeBSD 9.0 [52]
* xul-ext-refcontrol — control what gets sent as the HTTP Referer on a
per-site basis [53]
* advene — annotate DVDs, exchange on the net [54]
* clinica — simple medical records manager [55]
* gedit-source-code-browser-plugin — source code class and function browser
plugin for Gedit [56]
* googlefontdirectory-tools — various tools for generating, analysing and
manipulating font files [57]
* linux-source-3.2 — Linux kernel source for version 3.2 with Debian patches
[58]
* mediainfo — command-line utility for reading information from audio/video
files [59]
* mplayer-gui — movie player for Unix-like systems [60]
* sparkleshare — distributed collaboration and sharing tool [61]

50 : http://packages.debian.org/unstable/main/dia-shapes
51 : http://packages.debian.org/unstable/main/freeciv-client-extras
52 : http://packages.debian.org/unstable/main/kfreebsd-headers-9.0-1-686
53 : http://packages.debian.org/unstable/main/xul-ext-refcontrol
54 : http://packages.debian.org/unstable/main/advene
55 : http://packages.debian.org/unstable/main/clinica
56 : http://packages.debian.org/unstable/main/gedit-source-code-browser-plugin
57 : http://packages.debian.org/unstable/main/googlefontdirectory-tools
58 : http://packages.debian.org/unstable/main/linux-source-3.2
59 : http://packages.debian.org/unstable/main/mediainfo
60 : http://packages.debian.org/unstable/main/mplayer-gui
61 : http://packages.debian.org/unstable/main/sparkleshare

Work-needing packages
———————

Currently 396 packages are orphaned [62] and 149 packages are up for
adoption [63]: please visit the complete
list of packages which need your help [64].

62 : http://www.debian.org/devel/wnpp/orphaned
63 : http://www.debian.org/devel/wnpp/rfa
64 : http://www.debian.org/devel/wnpp/help_requested

Want to continue reading DPN?
—————————–

Please help us create this newsletter. We still need more volunteer writers to
watch the Debian community and report about what is going on. Please see the
contributing page [65] to find out how to help. We’re looking forward to
receiving your mail at debian-publicity@lists.debian.org [66].

65 : http://wiki.debian.org/ProjectNews/HowToContribute
66 : mailto:debian-publicity@lists.debian.org

This issue of Debian Project News was edited by Francesca Ciceri, Andrei
Popescu, David Prévot and Justin B Rye [67].

67 : mailto:debian-publicity@lists.debian.org