Discussion:
News/weekly/2005/47/index.wml [part 1]
(too old to reply)
Kobayashi Noritada
2005-11-28 03:41:51 UTC
Permalink
$B>.NS$G$9!#(B

$B$^$?:#=5$bCY$/$J$C$F$7$^$$$^$7$?$,!"(B
DWN 2005-47 $B$N=xHW5-;v(B 4 $BK\$H(B Security Updates $B>pJs$rLu$7$^$7$?!#(B
$B::FI$r$*4j$$$$$?$7$^$9!#(B

$B:#=59f$O!"C18l$,$d$?$i$HFq$7$a$G(B ($B$=$l$OFbMF$N$;$$$+$b$7$l$^$;$s$,(B)$B!"(B
$BFq;:$G$7$?!D!D!#(B
$B3F=j$G0U?^$J$I$r<($9$?$a$K%3%a%s%H$r$+$J$jBgNL$KF~$l$F$"$j$^$9!#(B
$B%X%C%@(B ($B%5%^%j$J$I(B) $B$NItJ,$K$b86J8!&%3%a%s%H$rF~$l$F$"$j$^$9!#(B
$BKhEYKhEY$N$3$H$G$9$,!"$h$m$7$/$*4j$$$$$?$7$^$9!#(B
--
|: Noritada KOBAYASHI
|: Dept. of General Systems Studies,
|: Graduate School of Arts and Sciences, Univ. of Tokyo
|: E-mail: ***@dolphin.c.u-tokyo.ac.jp (preferable)
|: ***@esa.c.u-tokyo.ac.jp
|: Key fingerprint = AB26 9533 81DA 997B 3C06 4380 19BB ADA0 695C 9F53


#use wml::debian::weeklynews::header PUBDATE="2005-11-22" SUMMARY="Packaging, Disclosing, Delegations, Debtags, Events, Testing, Archive, Alioth, License"
# * 'Disclosing' $B$O!V3+<(!W$H$7$^$7$?!#(B
# 'Declassification of private Mails.' $B$N$3$H$r;X$7$F$$$k$N$@$H;W$$$^$9!#(B
# $B$3$NC18l$NB>$K$b!":#9f$K$OFq$7$a$NC18l$,$d$?$i$HB?$$$G$9!D!D!#(B
# * 'Testing' $B$O(B 'Automated Testing for Packages.' $B$r;X$7$F$$$k$N$G!"(B
# $B!V%F%9%H!W$H$7$^$7$?!#(B
#use wml::debian::weeklynews::header PUBDATE="2005-11-22" SUMMARY="$B%Q%C%1!<%82=(B, $B3+<((B, $B0QG$(B, Debtags, $B%$%Y%s%H(B, $B%F%9%H(B, $B%"!<%+%$%V(B, Alioth, $B%i%$%;%s%9(B"
#use wml::debian::translation-check translation="1.7"

<p>Welcome to this year's 47th issue of DWN, the weekly newsletter for the
Debian community. Nathanael Nerode <a
href="http://lists.debian.org/debian-devel/2005/10/msg01131.html">observed</a>
that the new C++ libraries are not transitioning to testing due to a rash of
dependent uploads and has requested that maintainers hold off from uploading
dependent packages that will contribute to the clog. Guillem Jover <a
href="http://lists.debian.org/debian-devel/2005/10/msg01195.html">proposed</a>
to <a href="http://bugs.debian.org/90989">split</a> dependency lines in the
source control files for improved readability. Andreas Tille <a
href="http://lists.debian.org/debian-jr/2005/11/msg00003.html">reported</a>
about a free <a href="http://www.klixxa.de/">Live CD</a> aiming at
children.</p>

# * 'rash' $B$OF|K\8l$G$b!V!A%i%C%7%e!W$H%+%?%+%J$G;H$o$l$k$3$H$,B?$$5$$,$9$k$N$G(B
# $B$=$N$^$^$K$7$^$7$?!#$"$($F=O8l(B ($B$"$k$$$O=$>~8l(B) $B$K$9$k$J$i!V!A$NIQH/!W(B
# $B!VIQH/$9$k!A!W!"$"$k$$$O$=$l$K;w$?***@MU$H$J$k$N$G$7$g$&!D!D!#(B

<p>Debian $B%3%_%e%K%F%#$N$?$a$N=54)%K%e!<%9%l%?!<!"(BDebian
$B%&%#!<%/%j!<%K%e!<%9$N:#G/$NBh(B 47 $B9f$X$h$&$3$=!#(BNathanael Nerode $B$5$s$O!"(B
$B0MB8%Q%C%1!<%8$N%"%C%W%m!<%I%i%C%7%e$N$?$a$K?7$7$$(B C++ $B%i%$%V%i%j$,%F%9%HHG(B
(testing) $B$KF~$l$:$K$$$k>u67$r(B<a
href="http://lists.debian.org/debian-devel/2005/10/msg01131.html">$B4Q;!$7(B</a>$B!"(B
$B>c32$K7R$,$k$h$&$J0MB8%Q%C%1!<%8$N%"%C%W%m!<%I$r%a%s%F%J$OHr$1$k$h$&!"(B
$***@A$7$^$7$?!#(BGuillem Jover $B$5$s$O!"%=!<%9%Q%C%1!<%8$N(B control
$B%U%!%$%k$N2DFI@-$r>e$2$k$?$a!"0MB84X78$r5-$7$?9T$r(B<a
href="http://bugs.debian.org/90989">$BJ,3d$9$k(B</a>$B$h$&(B<a
href="http://lists.debian.org/debian-devel/2005/10/msg01195.html">\
$BDs0F$7$^$7$?(B</a>$B!#(BAndreas Tille $B$5$s$O!";R6!8~$1$N%U%j!<$N(B<a
href="http://www.klixxa.de/">$B%i%$%V(B CD</a>$B$K$D$$$F(B<a
href="http://lists.debian.org/debian-jr/2005/11/msg00003.html">\
$BJs9p$7$^$7$?(B</a>$B!#(B</p>

<p><strong>Standard C++ Library Modification.</strong> Matthias Klose <a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00010.html">\
announced</a> that the memory allocator in the standard C++
library will be changed which requires several packages to be rebuilt for
which he has appended a list. The library will be updated by new versions
of the <a href="http://packages.debian.org/gcc-3.4">gcc-3.4</a> and <a
href="http://packages.debian.org/gcc-4.0">gcc-4.0</a> packages. Maintainers
may have to <a
href="http://lists.debian.org/debian-devel-announce/2005/07/msg00001.html">\
rename</a> the binary packages to reflect the new dependency.</p>

# * 'memory allocator' $B$O$=$N$^$^%+%?%+%J$K$7$^$7$?!#(B

<p><strong>$BI8=`(B C++ $B%i%$%V%i%j$NJQ99!#(B</strong>
Matthias Klose $B$5$s$O!"I8=`(B C++ $B%i%$%V%i%jFb$N%a%b%j%"%m%1!<%?$,JQ99$5$l$k$N$G!"(B
$BE:IU$7$?0lMwI=$K:\$C$F$$$k$$$/$D$+$N%Q%C%1!<%8$O:F%S%k%I$,I,MW$H$J$k!"$H(B<a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00010.html">\
$BH/I=$7$^$7$?(B</a>$B!#%i%$%V%i%j$O!"(B<a href="http://packages.debian.org/gcc-3.4">\
gcc-3.4</a> $B$*$h$S(B <a href="http://packages.debian.org/gcc-4.0">gcc-4.0</a>
$B%Q%C%1!<%8$N?7%P!<%8%g%s$NF3F~$K$h$j99?7$5$l$^$9!#%a%s%F%J$O!"(B
$B?7$7$$0MB84X78$rH?1G$5$;$k$?$a$K%P%$%J%j%Q%C%1!<%8$N(B<a
href="http://lists.debian.org/debian-devel-announce/2005/07/msg00001.html">\
$BL>A0$rJQ99(B</a>$B$7$J$1$l$P$J$i$J$$$+$b$7$l$^$;$s!#(B</p>

<p><strong>Declassification of private Mails.</strong> Anthony Towns <a
href="http://lists.debian.org/debian-vote/2005/11/msg00001.html">proposed</a>
a general resolution to open the archives of the debian-private list to the
public after three years. A declassification team should be delegated to
extract financial information about individuals and mails of no historical
relevance. Authors and recipients should be given a period to comment on the
publication.</p>

# * $B%?%$%H%k$N(B 'private' $B$OF,$,(B capital $B$G$J$$$3$H$+$i(B debian-private $B$r(B
# $B;X$9$b$N$@$H9M$($i$l$k$N$G$=$N$^$^$K$7$^$7$?$,!"F|K\8l$N!V%W%i%$%Y!<%H!W(B
# $B$H$O<c430UL#$,0[$J$k$N$G0l1~!V(B($BHs8x3+(B)$B!W$H2C$($F$_$^$7$?!#(B
# * 'after three years' $B$O!":#$+$i(B 3 $BG/8e$G$O$J$/%a!<%k$,Ej9F$5$l$F$+$i(B 3 $BG/8e(B
# $B$N$h$&$J$N$G$=$&Lu$7$^$7$?!#(B
# * 'historical relevance' $B$O!"!V(BDebian $B$NNr;K$H$N4XO"!W!V(BDebian $B$NNr;K$N>e(B
# $B$G$N=EMW@-!W$H$$$C$?$b$N$@$H2r<a$5$l$k$N$G!"$=$&Lu$7$^$7$?!#(B

<p><strong>private ($BHs8x3+(B) $B%a!<%j%s%0%j%9%H$N5!L)2r=|!#(B</strong>
Anthony Towns $B$5$s$O!"Ej9F8e(B 3 $BG/$,7P2a$7$?$i(B debian-private
$B%a!<%j%s%0%j%9%H$N%"!<%+%$%V$r0lHL$N?M!9$K3+<($9$k!"$H$$$&0lHL7h5D0F$r(B<a
href="http://lists.debian.org/debian-vote/2005/11/msg00001.html">\
$BDs5D$7$^$7$?(B</a>$B!#8D?M$N:bL3>pJs$d!"(BDebian
$B$NNr;K$H$N4XO"@-$N$J$$%a!<%k$rCj=P$7$F<h$j=|$/$?$a$K!"(B
$B5!L)2r=|%A!<%`$,0QG$$5$l$k$G$7$g$&!#Cx<T$d<u<h?M$K$O!"(B
$B8x3+$K4X$7$F%3%a%s%H$9$k4|4V$,M?$($i$l$k$G$7$g$&!#(B</p>

<p><strong>Project Leader Delegations.</strong> Branden Robinson released a <a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
document</a> explaining how project leader delegations work. The <a
href="$(HOME)/devel/constitution">constitution</a> suggests that there may be
other powers which the project leader may not directly wield, and which they
must delegate instead. If a particular decision is delegated, the project
leader cannot take back responsibility for the decision personally, but can
re-delegate it to someone else.</p>

# * $B%?!<%2%C%H$,J8=q$J$N$G!"(B'release' $B$O!V8x3+!W$H$7$^$7$?!#(B
# * 'other powers' $B$,2?$KBP$7$F(B other $B$J$N$+$OFC$***@5-$5$l$F$$$^$;$s$,!"(B
# $B%j!<%@$H$$$&N)>l$,EvA3$J$,$i$b$D8"NO$NB>$K!"$H$$$&0UL#$@$H;W$o$l$k$N$G!"(B
# $BLu$G$b!V!A$b!W$H$7$F>/$7$@$1<gD%$5$;$^$7$?!#(B

<p><strong>$B%W%m%8%'%/%H%j!<%@$N0QG$!#(B</strong>
Branden Robinson $B$5$s$O!"(B
$B%W%m%8%'%/%H%j!<%@$N0QG$$,$I$N$h$&$K5!G=$9$k$+$***@bL@$7$?(B<a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
$BJ8=q(B</a>$B$r8x3+$7$^$7$?!#(B<a href="$(HOME)/devel/constitution">$B7{>O(B</a>$B$G$O!"(B
$B%W%m%8%'%/%H%j!<%@!<$,D>@\9T;H$7$F$O$$$1$J$/!"(B
$BBe$o$j$K0QG$$7$J$1$l$P$J$i$J$$8"NO$b$"$k$H$5$l$F$$$^$9!#(B
$B2?$i$+$N7hDj8"$r0QG$$9$k>l9g%W%m%8%'%/%H%j!<%@$O!"(B
$B$J$5$l$k7hDj$***@UG$$r8D?ME*$KE12s$9$k$3$H$O$G$-$^$;$s$,!"(B
$BJL$N?M$K$=$l$r:F0QG$$9$k$3$H$O2DG=$G$9!#(B</p>

<p><strong>Security Updates.</strong> You know the drill. Please make sure
that you update your systems if you have any of these packages installed.</p>

<p><strong>$B%;%-%e%j%F%#>e$N99?7!#(B</strong>
$B$$$D$b$N<j=g$O$4B8CN$G$7$g$&!#(B
$B$b$7$3$l$i$N%Q%C%1!<%8$,$R$H$D$G$b%$%s%9%H!<%k$5$l$F$$$?$i!"(B
$B%7%9%F%`$r99?7$7$F$/$@$5$$!#(B</p>

<ul>
<li>DSA 898: <a href="$(HOME)/security/2005/dsa-898">phpgroupware</a> --
Several vulnerabilities.
$BJ#?t$***@H<e@-!#(B
<li>DSA 899: <a href="$(HOME)/security/2005/dsa-899">egroupware</a> --
Several vulnerabilities.
$BJ#?t$***@H<e@-!#(B
<li>DSA 900: <a href="$(HOME)/security/2005/dsa-900">fetchmail</a> --
Potential information leak.
# $B!V(Bpotential ...$B!W$O!***@x:_E*$J!D!D!W$H!V!D!D$N2DG=@-!W$N$I$A$i$,$h$$$+(B?
$B>pJsO31L$N2DG=@-!#(B
<li>DSA 901: <a href="$(HOME)/security/2005/dsa-901">gnump3d</a> --
Several vulnerabilities.
$BJ#?t$***@H<e@-!#(B
<li>DSA 902: <a href="$(HOME)/security/2005/dsa-902">xmail</a> --
Arbitrary code execution.
$BG$0U$N%3!<%I$N<B9T!#(B
<li>DSA 903: <a href="$(HOME)/security/2005/dsa-903">unzip</a> --
Unauthorised permissions modification.
# $B!V(Bpermission$B!W$O!V%Q!<%_%C%7%g%s!W$H!V5v2DB0@-!W$H!V8"8B!W$N$I$l$,$h$$$+(B?
$BG'>Z$5$l$F$$$J$$%Q!<%_%C%7%g%sJQ99!#(B
<li>DSA 904: <a href="$(HOME)/security/2005/dsa-904">netpbm-free</a> --
Arbitrary code execution.
$BG$0U$N%3!<%I$N<B9T!#(B
<li>DSA 905: <a href="$(HOME)/security/2005/dsa-905">mantis</a> --
Several vulnerabilities.
$BJ#?t$***@H<e@-!#(B
<li>DSA 906: <a href="$(HOME)/security/2005/dsa-906">sylpheed</a> --
Arbitrary code execution.
$BG$0U$N%3!<%I$N<B9T!#(B
</ul>
SUGIYAMA Tomoaki
2005-11-28 04:07:31 UTC
Permalink
$B?y;3$G$9!#(B
$B!t(B $B$d$C$Q$jLu$N$3$H$G$O$J$$$N$G$9$,!$$H$j$"$($:0lE@$@$1!#(B

From: Kobayashi Noritada
Date: Mon, 28 Nov 2005 12:41:51 +0900
In "debian-www : 08669"
Post by Kobayashi Noritada
$B>.NS$G$9!#(B
$B$^$?:#=5$bCY$/$J$C$F$7$^$$$^$7$?$,!"(B
DWN 2005-47 $B$N=xHW5-;v(B 4 $BK\$H(B Security Updates $B>pJs$rLu$7$^$7$?!#(B
$B::FI$r$*4j$$$$$?$7$^$9!#(B
(snip)
Post by Kobayashi Noritada
<p>Debian $B%3%_%e%K%F%#$N$?$a$N=54)%K%e!<%9%l%?!<!"(BDebian
$B%&%#!<%/%j!<%K%e!<%9$N:#G/$NBh(B 47 $B9f$X$h$&$3$=!#(BNathanael Nerode $B$5$s$O!"(B
(snip)
href="http://www.klixxa.de/">$B%i%$%V(B CD</a>$B$K$D$$$F(B<a
$B",$3$3$K6uGr$,$"$C$?J}$,$h$$$+$H!#(B

href="http://lists.debian.org/debian-jr/2005/11/msg00003.html">\
Post by Kobayashi Noritada
$BJs9p$7$^$7$?(B</a>$B!#(B</p>
--
$B?y;3M'>O(B
SUGIYAMA Tomoaki
2005-11-28 14:42:49 UTC
Permalink
$B?y;3$G$9!#(B
$B!t(B $B$^$H$a$F$8$c$J$/$F$9$_$^$;$s!#$?$C$?:#!$5$$,$D$$$?J,$@$1!D!D!#(B

From: Kobayashi Noritada
Date: Mon, 28 Nov 2005 12:41:51 +0900
In "debian-www : 08669"
Post by Kobayashi Noritada
$B>.NS$G$9!#(B
DWN 2005-47 $B$N=xHW5-;v(B 4 $BK\$H(B Security Updates $B>pJs$rLu$7$^$7$?!#(B
$B::FI$r$*4j$$$$$?$7$^$9!#(B
(snip)
Post by Kobayashi Noritada
Branden Robinson $B$5$s$O!"(B
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
Post by Kobayashi Noritada
$BJ8=q(B</a>$B$r8x3+$7$^$7$?!#(B<a href="$(HOME)/devel/constitution">$B7{>O(B</a>$B$G$O!"(B
$BBe$o$j$K0QG$$7$J$1$l$P$J$i$J$$8"NO$b$"$k$H$5$l$F$$$^$9!#(B
$BJL$N?M$K$=$l$r:F0QG$$9$k$3$H$O2DG=$G$9!#(B</p>
--
$B?y;3M'>O(B
Nobuhiro IMAI
2005-11-29 11:13:15 UTC
Permalink
$B$$$^$$$G$9!#(B

From: SUGIYAMA Tomoaki <tomos_at_webmasters.gr.jp>
Date: Mon, 28 Nov 2005 23:42:49 +0900
Post by Kobayashi Noritada
Post by Kobayashi Noritada
Branden Robinson $B$5$s$O!"(B
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
Post by Kobayashi Noritada
$BJ8=q(B</a>$B$r8x3+$7$^$7$?!#(B<a href="$(HOME)/devel/constitution">$B7{>O(B</a>$B$G$O!"(B
leader /$B%j!<%@!<(B/
reader /$B%j!<%@(B/

$B$@$C$?$+$J!)<+J,$G8@$C$F$k$@$1$G$9$,!#(B
http://lists.debian.or.jp/debian-www/200302/msg00073.html
--
Nobuhiro IMAI <***@yo.rim.or.jp>
Key fingerprint = F39E D552 545D 7C64 D690 F644 5A15 746C BD8E 7106
TAKEI Nobumitsu
2005-11-29 13:31:36 UTC
Permalink
$B%?%1%$$G$9!%(B
delegation $B0J30$O%A%'%C%/$G$-$F$$$?$N$G!$$=$l$@$1$G$b=P$;$PNI$+$C$?!D(B
delegation $B$K$F$3$:$j$^$7$?!%(B

Mon, 28 Nov 2005 12:41:51 +0900
Post by Kobayashi Noritada
DWN 2005-47 $B$N=xHW5-;v(B 4 $BK\$H(B Security Updates $B>pJs$rLu$7$^$7$?!#(B
$B::FI$r$*4j$$$$$?$7$^$9!#(B
Security Updates $B$O$+$M$3$5$s$NLu$r;29M$K$9$l$P!$:n6H$,B.$/$9$9$`$N$G$O!)(B
Post by Kobayashi Noritada
<p><strong>Project Leader Delegations.</strong> Branden Robinson released a <a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
document</a> explaining how project leader delegations work. The <a
href="$(HOME)/devel/constitution">constitution</a> suggests that there may be
other powers which the project leader may not directly wield, and which they
must delegate instead. If a particular decision is delegated, the project
leader cannot take back responsibility for the decision personally, but can
re-delegate it to someone else.</p>
Branden Robinson $B$5$s$O!"(B
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
$BJ8=q(B</a>$B$r8x3+$7$^$7$?!#(B<a href="$(HOME)/devel/constitution">$B7{>O(B</a>$B$G$O!"(B
$B9T;H$7$F$O$J$i$:!"(B or $B9T;H$G$-$:!"(B
$B$N$[$&$,<+A3$+$H;W$$$^$9!%(B

$B$=$l$+$i!$(B delegatiton $B$O!V(B($B8"8B(B)$B0\>y!W$HLu$9$H%+%C%3$$$$$J$"$H;W$$$^$7$?!%(B
Post by Kobayashi Noritada
$BBe$o$j$K0QG$$7$J$1$l$P$J$i$J$$8"NO$b$"$k$H$5$l$F$$$^$9!#(B
$B%W%m%8%'%/%H%j!<%@!<$K$O!$K\?M$OD>@\9T;H$G$-$:!$B>?M$K0\>y$7$J$1$l$P(B
$B$J$i$J$$8"8B$,$"$k$H$5$l$F$$$k!%(B

$B$H$$$&46$8$+$7$i!%!V!D$b!W$H$O$7$F$$$^$;$s!%(B
$B!D>l9g!"%W%m!D(B
Post by Kobayashi Noritada
$BJL$N?M$K$=$l$r:F0QG$$9$k$3$H$O2DG=$G$9!#(B</p>
$B!***@UG$$rE12s!W$C$F$I$&$$$&0UL#$+$7$i!)(B($B$G$b$=$N$h$&$K$7$+Lu$;$J$$$h(B
$B$&$K8+$($k86J8$@$7$J$"(B)
$B!D!D$3$3!$$A$g$C$H?<$a$KFI$s$G$_$^$9!%(B

$B$^$:$O(B Branden $B$N%a!<%k$+$i3:EvItJ,$r0zMQ"-(B
| 5. If the DPL delegates a particular decision, he or she cannot retake
| responsibility for the decision personally, but can re-delegate it to
| someone else.[1]
| ($B!x(B5.1.1, $B!x(B8.2)
($BCfN,(B)
| [1] One might argue that the prohibition on rescinding delegation of
| a particular decision is tied the individual(s) to whom it is given,
| rather than the decision in question. This is important if the
| person or people to whom the decision is delegated prove unable to
| make it. This is another variant on the old "what if Linus
| (Torvalds) gets hit by a bus?" problem. One developer has told me
| that my interpretation poses a different threat, however: "It looks
| like you're going to decide this one issue in a way I don't like, so
| I'll take it away and give the decision to someone who will decide
| it the way I want to." Why a Leader would do this, or how he or she
| could expect to get away with it, is not clear to me, but this
| scenario is not impossible. If this ever proves to be a
| non-hypothetical problem, I would ask for the Project Secretary's
| interpretation of the Constitution.

rather than the decision in question $B$N(B the decision $B$,2?$HF13J$K$J$C(B
$B$F$$$k$N$+J,$+$i$J$+$C$?$N$G$9$,!$$3$l$h$jA0$G(B the $B$rA0CV$9$kL>;l$O(B
individual(s) $B$7$+$J$$$N$G!$$=$&9M$($k$H!$(B
"the individual $BN,(B, rather than the decision" $B$O!V7hDj$G$O$J$/8D?M!W(B
$B$H2r<a$G$-$^$9!%$7$+$7!$$h$/$o$+$i$s$J!%(B

$BBh(B1$BJ8$+$i$*$*$6$C$Q$KLu$9$H"-(B

$BEv$N7hDj$G$O$J$/!$8"8B$,M?$($i$l$?8D?M$,FCDj$N7hDj$r$9$k$3$H$K0QG$$5(B
$B$l$?8"8B$r<h$jJV$9(B(rescinding)$B$N$r6X;_$9$k!%(B
$B$3$l$O!$8"NO$r0\>y$5$l$?8D?M(B(person)$B$d?M!9(B(people)$B$,$=$l$r40?k$G$-$J(B
$B$$$H>ZL@$5$l$?$H$-$K=EMW$H$J$k!%(B
Linus $B$,%P%9$Km`$+$l$A$c$C$?$i$I$&$7$h$&LdBj$N?7<o$@!%(B
$B$"$k3+H/<T$,8@$&$K$O!$;d$NK]0F$O0[$J$k6<0R$r$R$-$*$3$9!$$D$^$j!$(B
$B!V;d$,9%$^$J$$J}K!$GLdBj$,7hDj$5$l$h$&$H$7$F$$$?$i!$(B
$B;d$O7hDj8"$r<h$j5n$j!$;d$,9%$`J}K!$G7hDj$9$k$@$m$&C/$+$K7hDj8"$r$"$:$1$k!W(B

$B$H$$$&$3$H$+$J$"!%(B

$B86J8$KLa$j$^$9!%(B
Post by Kobayashi Noritada
If a particular decision is delegated, the project
leader cannot take back responsibility for the decision personally, but can
re-delegate it to someone else.</p>
$B$N1QJ8$rF|K\8l$G8@$$$+$($k$H$3$&$$$&$3$H$+$7$i$s!%(B

$BLdBj$rBP=h$rC/$+$KMj$s$@$1$I!$$=$N?M$KG=NO$,$J$/$C$F40?k$G$-$J$$$HJ,(B
$B$+$C$?$H$-!$(BDPL $B8D?M$KLdBj$,La$C$F$-$F(B DPL $B$,<+J,$GBP=h$9$k$N$O%k!<%k0cH?!%(B
DPL $B$OB>$NC/$+$KLdBj=hM}$r:FEY3d$j?6$k$N$O$G$-$k!%(B

$B$h$C$FLu0F$O0J2<"-(B

$B$"$k7hDj8"$,0\>y$5$l$?$J$i$P!"(B
$B%W%m%8%'%/%H%j!<%@!<$O!"$=$N7hDj$KBP$9$***@UL3$r8D?ME*$K$O<h$jLa$;$^$;$s$,!"(B
$B7hDj8"$rB>$NC/$+$K:F0QG$$O$G$-$^$9!#(B
Post by Kobayashi Noritada
<li>DSA 900: <a href="$(HOME)/security/2005/dsa-900">fetchmail</a> --
Potential information leak.
$B9NDjE*!&H]DjE*$J%K%e%"%s%9$NN>J}$r4^$`!V2DG=@-!W$h$j$O!$(B
$BH]DjE*$J%K%e%"%s%9$N$_$r4^$`!V$*$=$l!W$H$$$&F|K\8l$b$"$j$^$9!%(B

$B$+$M$3$5$s$N(Bdebian-users:45220 $B$NLu$G$O!$(B
Post by Kobayashi Noritada
<li>DSA 903: <a href="$(HOME)/security/2005/dsa-903">unzip</a> --
Unauthorised permissions modification.
$BG'>Z$5$l$F$$$J$$%Q!<%_%C%7%g%sJQ99!#(B
unauthorised $B$O(B"$B8"8B$,$J$$(B"$B$G$9!%(B

$B$G!$(Bpermission $B$NLu$G$9$,!$!V8"8B!W$@$H%U%!%$%k<+BN$N%U%i%0$G$O$J$/(B
$B$F!$(BPAM $B$H$+$N<B9T5v2D8"8B$b4^$s$G$7$^$$$=$&$K;W$($k$N$G!$(B*$B$3$3$G$O(B*
$B%Q!<%_%C%7%g%s$+5v2DB0@-$N$I$A$i$+$,$$$$$J$"!%(B"$BJQ99(B"$B$NA0$K!V$N!W$,F~$C(B
$B$?$[$&$,KM$O9%$-$G$9!%(B
$B$h$C$F!V8"8B$N$J$$%Q!<%_%C%7%g%s$NJQ99!#!W(Bor$B!V8"8B$N$J$$5v2DB0@-$NJQ99!#!W(B

$B$+$M$3$5$s$N(Bdebian-users:45188$B$G$NLu$G$O!$(B
| $B967b<T$K%"%/%;%98"8B$N$"$k%G%#%l%/%H%jCf$N%U%!(B
| $B%$%k$r?-D%$9$k:]$K!"(Bunzip $B$K(B unzip $BMxMQ%f!<%6$,8"8B$r;}$DJL$N%U%!%$%k$N(B
| $B%Q!<%_%C%7%g%s$NJQ99$r$5$;$k967b$,2DG=$G$9!#(B
$B$H!$!V%Q!<%_%C%7%g%s!W$r;H$C$F$$$^$9!%(B
--
$B%?%1%$%N%V%_%D(B
Nobuhiro IMAI
2005-11-30 03:54:16 UTC
Permalink
$B$$$^$$$G$9!#(B

From: TAKEI Nobumitsu <takei_at_webmasters.gr.jp>
Date: Tue, 29 Nov 2005 22:31:36 +0900
Post by TAKEI Nobumitsu
Security Updates $B$O$+$M$3$5$s$NLu$r;29M$K$9$l$P!$:n6H$,B.$/$9$9$`$N$G$O!)(B
DSA $B$N(B*$BFbMF(B*$B$@$H;29M$K$G$-$k$N$G$9$,!"(BDWN $B$N(B Security Updates $B$K7G:\$5(B
$B$l$F$$$k$N$O!"(BDSA $B$N(B Vulnerability: $B$H$O0c$&$3$H$,$"$k$s$G$9$h$M!#Nc$((B
$B$P(B DSA-908 $B$@$H!"(B

http://www.debian.org/security/

[2005 $BG/(B 11 $B7n(B 23 $BF|(B] DSA-908 sylpheed-claws
buffer overflows

$B$KBP$7$F(B

http://www.debian.org/News/weekly/2005/48/

# DSA 908: sylpheed-claws -- Arbitrary code execution.

$B$H$J$C$F$$$^$9!#$G!"<B:]$N(B DSA $B$O!"(B

http://www.debian.org/security/2005/dsa-908

DSA-908-1 sylpheed-claws -- buffer overflows

$B$G!"(Bdebian-security-announce $B$G$O$d$C$Q$j!"(B

http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00309.html

Vulnerability : buffer overflows

$B!D$C$F!"(BDWN $B$@$10c$&$N$O$J$<!)0JA0?y;3$5$s$,(B org $B$N(B -www $B$KLd$$9g$o$;(B
$B$F$?$h$&$J5$$,$7$^$9$,!"(BDWN $B$N(B Security Updates $B$O$I$3$+$i<h$C$F$-$F$k(B
$B$s$G$7$?$C$1!)(B


$BA08e$7$^$9$,!"(B
Post by TAKEI Nobumitsu
delegation $B$K$F$3$:$j$^$7$?!%(B
$B$3$A$i$O$b$&>/$7FI$s$G$+$i!#$9$$$^$;$s!#(B
--
Nobuhiro IMAI <***@yo.rim.or.jp>
Key fingerprint = F39E D552 545D 7C64 D690 F644 5A15 746C BD8E 7106
Kobayashi Noritada
2005-11-30 05:31:30 UTC
Permalink
$B>.NS$G$9!#(B
Post by Nobuhiro IMAI
Post by TAKEI Nobumitsu
Security Updates $B$O$+$M$3$5$s$NLu$r;29M$K$9$l$P!$:n6H$,B.$/$9$9$`$N$G$O!)(B
$B:#0f$5$s$N$*$C$7$c$C$F$$$k$h$&$K!"K\J8$NLu$,(B DWN $BCf$N%j%9%H9`L\$NK]Lu$K$H$C$F(B
$BI,$:$7$b;29M$K$J$k$H$O8B$i$J$$$N$G$9$,!"0l1~;29M$K$5$;$F$$$?$@$$$F$$$^$9!#(B
$B$=$l$+$i!"$+$M$3$5$s$NLu$G$O$J$$$N$G$9$,!"!V(BSeveral vulnerabilities.$B!W$J$I$N(B
$BIQ=PDj7?6g$,$$$/$D$+$"$k$N$G!"$=$l$i$O(B
($B$3$l$^$G$O$=$N>l$=$N>l$G2a5n$NK]Lu$r;2>H$7$FK]Lu$7$F$$$?$N$G$9$,(B)
$BK]Lu$r<+F02=$7$h$&$H;W$$!"$$$^2a5n$NK]Lu$r$b$H$K%G!<%?$r$^$H$a$F$$$k$H$3$m(B
$B$G$9!#(B
$B$G!"$=$N$^$H$a$N2aDx$G!"(B

* $B!V(Bpotential ...$B!W$O$3$l$^$G$9$Y$F!***@x:_E*$J!D!D!W$HLu$5$l$F$$$?$N$G$9$,!"(B
$B!V!D!D$N2DG=@-!W$N$[$&$,$h$$$+$b$7$l$J$$!#(B
* $B!V(Bpermission$B!W$O!V%Q!<%_%C%7%g%s!W!&!V5v2DB0@-!W!&!V8"8B!W$H$$$C$?Lu$,(B
$B8+$D$+$C$?$N$G$9$,!"$I$l$KE}0l$9$Y$-$+(B?

$B$H$$$C$?$3$H$r;W$C$?$N$G!"(B
$B0U8+$r$&$+$,$$$?$/$F:#2s$D$$$G$K%3%a%s%H$K=q$-$^$7$?!#(B
Post by Nobuhiro IMAI
$B$l$F$$$k$N$O!"(BDSA $B$N(B Vulnerability: $B$H$O0c$&$3$H$,$"$k$s$G$9$h$M!#Nc$((B
http://www.debian.org/security/
[2005 $BG/(B 11 $B7n(B 23 $BF|(B] DSA-908 sylpheed-claws
buffer overflows
$B$KBP$7$F(B
http://www.debian.org/News/weekly/2005/48/
# DSA 908: sylpheed-claws -- Arbitrary code execution.
$B$H$J$C$F$$$^$9!#$G!"<B:]$N(B DSA $B$O!"(B
http://www.debian.org/security/2005/dsa-908
DSA-908-1 sylpheed-claws -- buffer overflows
$B$G!"(Bdebian-security-announce $B$G$O$d$C$Q$j!"(B
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00309.html
Vulnerability : buffer overflows
$B$F$?$h$&$J5$$,$7$^$9$,!"(BDWN $B$N(B Security Updates $B$O$I$3$+$i<h$C$F$-$F$k(B
$B$s$G$7$?$C$1!)(B
$B$=$N!VLd$$9g$o$;!W$OCN$i$J$$$N$G$9$,!"(B
$***@hF|$N(B Debian $BJY6/2q$G!"!V$*$=$i$/(B Subject $B$+$i<+***@8@.$7$F$$$k$N$G$O!W(B
$B$H$$$&OC$,>***@n$5$s$+$i=P$F$$$^$7$?!#(B
$B<B:]>e$N(B debian-security-announce $B$N%a!<%k$N(B Subject $B$O!"(B
[SECURITY] [DSA 908-1] New sylpheed-claws packages fix arbitrary code execution
$B$H$J$C$F$$$^$9!#(B
$B$3$l$H%a!<%kK\J8$N(B
Post by Nobuhiro IMAI
Vulnerability : buffer overflows
$B$H$N(B inconsistency $B$O!"%;%-%e%j%F%#%A!<%`$K?V$+$J$$$HJ,$+$i$J$$$h$&$J5$$,(B
$B$7$^$9$,!D!D!#(B

# Removed packages $B$b3N$+%P%0Js9p$N%?%$%H%k$+$i!"$H$$$&OC$,$"$C$?$N$G$9$,!"(B
# $B$$$^3NG'$7$F$_$k$H!"$3$A$i$OI,$:$7$b$9$Y$F$K$OEv$F$O$^$i$J$$LOMM!D!D!#(B
--
|: Noritada KOBAYASHI
|: Dept. of General Systems Studies,
|: Graduate School of Arts and Sciences, Univ. of Tokyo
|: E-mail: ***@dolphin.c.u-tokyo.ac.jp (preferable)
|: ***@esa.c.u-tokyo.ac.jp
|: Key fingerprint = AB26 9533 81DA 997B 3C06 4380 19BB ADA0 695C 9F53
Nobuhiro IMAI
2005-12-07 08:58:43 UTC
Permalink
$B$$$^$$$G$9!#(B

# $BCY$/$J$j$^$7$?$,!"$d$C$HFI$_=*$($^$7$?!#(B

From: TAKEI Nobumitsu <takei_at_webmasters.gr.jp>
Date: Tue, 29 Nov 2005 22:31:36 +0900
Post by TAKEI Nobumitsu
Post by Kobayashi Noritada
<p><strong>Project Leader Delegations.</strong> Branden Robinson released a <a
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
document</a> explaining how project leader delegations work. The <a
href="$(HOME)/devel/constitution">constitution</a> suggests that there may be
other powers which the project leader may not directly wield, and which they
must delegate instead. If a particular decision is delegated, the project
leader cannot take back responsibility for the decision personally, but can
re-delegate it to someone else.</p>
Branden Robinson $B$5$s$O!"(B
href="http://lists.debian.org/debian-devel-announce/2005/11/msg00009.html">\
$BJ8=q(B</a>$B$r8x3+$7$^$7$?!#(B<a href="$(HOME)/devel/constitution">$B7{>O(B</a>$B$G$O!"(B
$B9T;H$7$F$O$J$i$:!"(B or $B9T;H$G$-$:!"(B
$B$N$[$&$,<+A3$+$H;W$$$^$9!%(B
$B$=$l$+$i!$(B delegatiton $B$O!V(B($B8"8B(B)$B0\>y!W$HLu$9$H%+%C%3$$$$$J$"$H;W$$$^$7$?!%(B
Post by Kobayashi Noritada
$BBe$o$j$K0QG$$7$J$1$l$P$J$i$J$$8"NO$b$"$k$H$5$l$F$$$^$9!#(B
$B$J$i$J$$8"8B$,$"$k$H$5$l$F$$$k!%(B
$BA4It$D$J$2$F!"(B

$B7{>O$G$O!"%W%m%8%'%/%H%j!<%@!<K\?M$,D>@\9T;H$9$k$N$G$O$J$/!"B>?M$K0Q>y(B
$B$7$J$1$l$P$J$i$J$$8"8B$,$"$k$H$5$l$F$$$^$9!#(B

$B$H$$$&$N$G$I$&$G$7$g$&$+!)(B
Post by TAKEI Nobumitsu
Post by Kobayashi Noritada
$BJL$N?M$K$=$l$r:F0QG$$9$k$3$H$O2DG=$G$9!#(B</p>
$B!D!D$3$3!$$A$g$C$H?<$a$KFI$s$G$_$^$9!%(B
$B$^$:$O(B Branden $B$N%a!<%k$+$i3:EvItJ,$r0zMQ"-(B
| 5. If the DPL delegates a particular decision, he or she cannot retake
| responsibility for the decision personally, but can re-delegate it to
| someone else.[1]
| ($B!x(B5.1.1, $B!x(B8.2)
($BCfN,(B)
| [1] One might argue that the prohibition on rescinding delegation of
| a particular decision is tied the individual(s) to whom it is given,
| rather than the decision in question. This is important if the
| person or people to whom the decision is delegated prove unable to
| make it. This is another variant on the old "what if Linus
| (Torvalds) gets hit by a bus?" problem. One developer has told me
| that my interpretation poses a different threat, however: "It looks
| like you're going to decide this one issue in a way I don't like, so
| I'll take it away and give the decision to someone who will decide
| it the way I want to." Why a Leader would do this, or how he or she
| could expect to get away with it, is not clear to me, but this
| scenario is not impossible. If this ever proves to be a
| non-hypothetical problem, I would ask for the Project Secretary's
| interpretation of the Constitution.
rather than the decision in question $B$N(B the decision $B$,2?$HF13J$K$J$C(B
$B$F$$$k$N$+J,$+$i$J$+$C$?$N$G$9$,!$$3$l$h$jA0$G(B the $B$rA0CV$9$kL>;l$O(B
individual(s) $B$7$+$J$$$N$G!$$=$&9M$($k$H!$(B
"the individual $BN,(B, rather than the decision" $B$O!V7hDj$G$O$J$/8D?M!W(B
$B$H2r<a$G$-$^$9!%$7$+$7!$$h$/$o$+$i$s$J!%(B
$BBh(B1$BJ8$+$i$*$*$6$C$Q$KLu$9$H"-(B
$BEv$N7hDj$G$O$J$/!$8"8B$,M?$($i$l$?8D?M$,FCDj$N7hDj$r$9$k$3$H$K0QG$$5(B
$B$l$?8"8B$r<h$jJV$9(B(rescinding)$B$N$r6X;_$9$k!%(B
$B$3$l$O!$8"NO$r0\>y$5$l$?8D?M(B(person)$B$d?M!9(B(people)$B$,$=$l$r40?k$G$-$J(B
$B!V;d$,9%$^$J$$J}K!$GLdBj$,7hDj$5$l$h$&$H$7$F$$$?$i!$(B
$B$H$$$&$3$H$+$J$"!%(B
$B$U!"?<$$!#(B
Post by TAKEI Nobumitsu
$B86J8$KLa$j$^$9!%(B
Post by Kobayashi Noritada
If a particular decision is delegated, the project
leader cannot take back responsibility for the decision personally, but can
re-delegate it to someone else.</p>
$B$+$C$?$H$-!$(BDPL $B8D?M$KLdBj$,La$C$F$-$F(B DPL $B$,<+J,$GBP=h$9$k$N$O%k!<%k0cH?!%(B
DPL $B$OB>$NC/$+$KLdBj=hM}$r:FEY3d$j?6$k$N$O$G$-$k!%(B
$B$h$C$FLu0F$O0J2<"-(B
$B$"$k7hDj8"$,0\>y$5$l$?$J$i$P!"(B
$B7hDj8"$rB>$NC/$+$K:F0QG$$O$G$-$^$9!#(B
$B$G$9$M!#(B[1]$B$NItJ,$OCm<a$N$h$&$J$N$G!"$=$NItJ,$O(B DWN $B$N86J8$K$O=P$F$-$F(B
$B$^$;$s$M!#Lu$NJ}$O$b$&>/$7!V$3$H!W$r;H$C$F$b$$$$$h$&$K46$8$^$7$?!#(B

$B2?$i$+$N7hDj8"$,0Q>y$5$l$?>l9g!"%W%m%8%'%/%H%j!<%@!<$,$=$N7hDj$KBP$9$k(B
$***@UL3$r8D?ME*$K<h$jLa$9$3$H$O$G$-$^$;$s$,!"7hDj8"$rB>$NC/$+$K:F0QG$$9$k(B
$B$3$H$O$G$-$^$9!#(B
Post by TAKEI Nobumitsu
Post by Kobayashi Noritada
<li>DSA 900: <a href="$(HOME)/security/2005/dsa-900">fetchmail</a> --
Potential information leak.
$BH]DjE*$J%K%e%"%s%9$N$_$r4^$`!V$*$=$l!W$H$$$&F|K\8l$b$"$j$^$9!%(B
$B$+$M$3$5$s$N(Bdebian-users:45220 $B$NLu$G$O!$(B
Post by Kobayashi Noritada
<li>DSA 903: <a href="$(HOME)/security/2005/dsa-903">unzip</a> --
Unauthorised permissions modification.
$BG'>Z$5$l$F$$$J$$%Q!<%_%C%7%g%sJQ99!#(B
unauthorised $B$O(B"$B8"8B$,$J$$(B"$B$G$9!%(B
$B$F!$(BPAM $B$H$+$N<B9T5v2D8"8B$b4^$s$G$7$^$$$=$&$K;W$($k$N$G!$(B*$B$3$3$G$O(B*
$B$?$[$&$,KM$O9%$-$G$9!%(B
$B$+$M$3$5$s$N(Bdebian-users:45188$B$G$NLu$G$O!$(B
| $B967b<T$K%"%/%;%98"8B$N$"$k%G%#%l%/%H%jCf$N%U%!(B
| $B%$%k$r?-D%$9$k:]$K!"(Bunzip $B$K(B unzip $BMxMQ%f!<%6$,8"8B$r;}$DJL$N%U%!%$%k$N(B
| $B%Q!<%_%C%7%g%s$NJQ99$r$5$;$k967b$,2DG=$G$9!#(B
$B$H!$!V%Q!<%_%C%7%g%s!W$r;H$C$F$$$^$9!%(B
$B!V8"8B$N$J$$%Q!<%_%C%7%g%s$NJQ99!#!W$,$$$$$H;W$$$^$9!#(B
--
Nobuhiro IMAI <***@yo.rim.or.jp>
Key fingerprint = F39E D552 545D 7C64 D690 F644 5A15 746C BD8E 7106
Nobuhiro IMAI
2005-12-16 19:48:15 UTC
Permalink
$B$$$^$$$G$9!#(B

From: Nobuhiro IMAI <nov_at_yo.rim.or.jp>
Date: Wed, 7 Dec 2005 17:58:43 +0900

$B$3$3(B
Post by Nobuhiro IMAI
$B$7$J$1$l$P$J$i$J$$8"8B$,$"$k$H$5$l$F$$$^$9!#(B
$B$3$H$O$G$-$^$9!#(B
$B$H!"$3$3(B
Post by Nobuhiro IMAI
$B!V8"8B$N$J$$%Q!<%_%C%7%g%s$NJQ99!#!W$,$$$$$H;W$$$^$9!#(B
$B$rJQ99$7$F!"%3%_%C%H$7$F$*$-$^$7$?!#(B
--
Nobuhiro IMAI <***@yo.rim.or.jp>
Key fingerprint = F39E D552 545D 7C64 D690 F644 5A15 746C BD8E 7106
Loading...