Ubuntu Traffic #14 -- 2004/11/27

Benj. Mako Hill mako at canonical.com
Thu Dec 23 09:55:57 CST 2004


Greetings,

Ubuntu Traffic is a newsletter summarizing the goings-on in the Ubuntu
community -- focusing on IRC and mailing list activity.

I'm catching up on Ubuntu Traffic after the conference in Mataró.
There is lots of good stuff that I'll be reporting in the next week or
so stay tuned. I'm also testing an RSS feed for traffic that I'll be
announcing as soon as I verify that it works. :)

I've just finished a new issue. It is attached to this
mail and online here:

  http://people.ubuntulinux.org/~mako/ubuntu-traffic/u20041126_14.html

Thanks again to everyone who pointed things out to me. Please keep
this up!

Regards,
Mako

-- 
Benjamin Mako Hill
mako at canonical.com
-------------- next part --------------
                       Ubuntu Traffic #14 For 2004/11/26

                             By Benjamin Mako Hill

Table Of Contents

  • Introduction
  • Mailing List Stats For This Week
  • Threads Covered

    1.  2004/11/12 - 2004/11/26  (7 posts)   Live CDs for PPC (And More!)
    2.  2004/11/17 - 2004/11/22  (4 posts)   Downgrading From Hoary
    3.  2004/11/18 - 2004/11/22  (54 posts)  Ubuntu Merchandise
    4.  2004/11/19 - 2004/11/27  (86 posts)  Documentation Team Update
    5.  2004/11/19 - 2004/11/22  (5 posts)   More On Language Packs
    6.  2004/11/19 - 2004/11/27  (25 posts)  Dropping Support For the Mozilla Suite
    7.  2004/11/22 - 2004/11/23  (8 posts)   Encrypted Home Directories
    8.  2004/11/25               (1 post)    Apt Authentication
    9.  2004/11/25 - 2004/11/27  (21 posts)  Concerns With Sudo
    10. 2004/11/26               (2 posts)   Archive Layout
    11. 2004/11/23 - 2004/11/25  (2 posts)   Ubuntu Security Notifications

Introduction

Welcome to the fourteenth edition of Ubuntu Traffic. This issue covers the week
of November 20 - 26, 2004. Ubuntu Traffic summarizes the most important mailing
list and IRC discussions involving the Ubuntu GNU/Linux distribution.

You can sign up for any of the mailing lists summarized here at
http://lists.ubuntu.com. You can also join the IRC discussion summarized here
in #ubuntu and other channels on the Freenode network: irc.freenode.net. Please
join in and maybe you will be featured in the next traffic!

First, the following bits and pieces didn't get a full story but are worth
mentioning:

  • An-tonio asked if anyone had tried the program skippy saying, "evidently,
    it is like expose for OSX and supports standard XFree and also new
    extensions from Xorg. It could be added to universe. I've tried it in hoary
    and work great." Paul Sladen replied to give more information and point to
    the homepage: http://thegraveyard.org/skippy.php
  • Sunjin Yang asked on the devel list about Vino and XDamage saying, "X.org
    packages added recently in Hoary have XDamage extension now, which is
    useful for vino, gnome VNC server for more efficient CPU utilization. In my
    case, current vino server uses 5~10% CPU when it running, but recompiled
    one uses only 1~2%." Jeff Waugh replied saying, "I've just uploaded a vino
    package with libxdamage-dev added to the build dependencies."
  • Jeff Waugh sent a message to ubuntu-devel saying that with the
    OpenOffice.org 1.1.3 upload (thanks doko!), he'd added a bunch of the GNOME
    integration packages to the DesktopSeedProposals:
      □ openoffice.org-evolution
      □ openoffice.org-gnomevfs
      □ openoffice.org-gtk-gnome

Mailing List Stats For This Week

We looked at 1329 posts in 7336K.

There were 389 different contributors. 194 posted more than once. 165 posted
last week too.

The top posters of the week were:

  • 77 posts in 569K by Oliver Grawert
  • 49 posts in 179K by Matt Zimmerman
  • 35 posts in 138K by Lloyd D Budd
  • 27 posts in 105K by Colin Watson
  • 25 posts in 109K by volvoguy

 

1. Live CDs for PPC (And More!)
2004/11/12 - 2004/11/26 (7 posts) Subject: "PowerPC live CD (Re: again on
livecd ;))"
People: Marco Bonetti, Andreas Mueller

The desire for a PowerPC/Mac version of Live CD was brought up on ubuntu-devel
and ubuntu-users (several times) and on IRC several times as well. In one
thread, Marco Bonetti asked, "How's going the PowerPC ubuntu livecd? On IRC, I
read it has low priority ATM but I think that a live linux-ppc is something
that is really missing." Marco also offered to help.

Matt Zimmerman replied to say that as far as he knew, nobody was working on it
but that Andreas Mueller was the person to talk to if he wanted to work on this
as he is handling most of the Live CD creation tasks for Ubuntu.

Andreas Mueller replied to say, "For the moment a straight unfavorable time, we
discuss at the moment a redesign the CD. Probably it will become completely
simple in the future, for all architectures, to provide liveCD's." In short,
Andreas Mueller and Matt Zimmerman are working together on a new Live CD design
that should be able to easily support PPC and just about anything else that we
can install. That said, it will take a bit of work and won't be ready
immediately.

 

2. Downgrading From Hoary
2004/11/17 - 2004/11/22 (4 posts) Subject: "How to downgrade from hoary to
warty?"
People: Olivier Vogel, Oliver Grawert, Danilo Piazzalunga

Olivier Vogel asked, "Is it possible to downgrade from hoary to warty without
reinstalling a new system?" Oliver Grawert replied saying, "unfortunately there
is no clean way of doing that, you will have to reinstall..."

While there is certainly no clean way, Danilo Piazzalunga pointed Olivier to a
document that described one way saying, "Try reading
https://www.ubuntulinux.org/wiki/DowngradingFromHoaryHowTo and see if it works
well enough for you."

Of course, this is completely unsupported and could leave your system in a
broken state but it's there for folks who want it and feel like living
dangerously.

 

3. Ubuntu Merchandise
2004/11/18 - 2004/11/22 (54 posts) Subject: "merchandise"
People: David, Louise McCance-Price

David asked, "What is the official position regarding merchandise for Ubuntu?
I'm thinking specifically of T-Shirts. I made myself an Ubuntu T-shirt using
one of the "iron on" sheets but silk screen print would be better."

That day, Louise McCance-Price replied saying:

    Today, we have just launched the Ubuntu Shop! Please visit:
    http://www.cafepress.com/ubuntushop An upgrade to a premium shop with
    showcased designs from our community will be launched early next year.

    We have gone with Cafepress as a first stop for merchandise (and we are
    aware that some folks think the quality could be better) but there aren't
    too many "shops" of this nature around. If you know of any others, please
    do share the info!

    Commission on sales

    The Ubuntu project receives a small percentage on these sales. All proceeds
    from the Ubuntu shop (as with donations) will go to top up the bounty fund.
    Visit http://www.ubuntulinux.org/community/bounties for more information.

    Community merchandise

    We would like to see our community creating Ubuntu merchandise, but please
    notify us to obtain permission to use the Ubuntu trademark in advance
    (trademarks at ubuntulinux.org). We will be tracking this. Please visit:
    http://www.ubuntulinux.org/ubuntu/TrademarkPolicy/ for more information.

    We'd love to see your designs, logos and artwork - so please add links to
    your personal sites at: https://www.ubuntulinux.org/wiki/CommunityArtwork

    Competitions

    We will be running a T-shirt design competition and web design competition
    in the new year, details will be posted as soon as they are available.

Shango Oluwa voiced some concerns about the choice of Cafepress which serves
many different groups including some that might be advocating political agendas
that he and others might think go against the core concepts of Ubuntu. Louise
replied to say:

    Ubuntu has no political affiliation. Cafepress is merely an outlet for
    people to purchase merchandise. If you do not wish to use them, that is
    absolutely your freedom of choice. We are merely hosting a shop at
    Cafepress, not endorsing any of their other shops' merchandise, beliefs
    etc.

 

4. Documentation Team Update
2004/11/19 - 2004/11/27 (86 posts) Subject: "Guidelines for writing?"
People: Enrico Zini, Matt Kirchhoff, John Hornbeck

The documentation team clocked in another week of busy discussion. Enrico Zini
posted information on style and guidelines for writing documentation for Ubuntu
saying:

    Now, I wouldn't want to see a super-long style guide explaining how many
    spaces go after a full stop and if there should be a comma before the "and"
    at the end of a list[1]. However it would be nice to collect items like
    this "Ubuntu OS / Ubuntu GNU/Linux" thing in a document that everyone can
    quickly have a look at.

    I started this page, where I can collect other similar items that pass
    around the list: https://www.ubuntulinux.org/wiki/StyleGuide

Matt Kirchhoff said, "As an aside, I'd be willing to serve as an overall style
editor for finalized documents. I have experience in this area, and I could
help ensure stylistic consistency across the wide range of documents we'll
likely encounter. I agree that nitpicking over grammar/punctuation is
unnecessary, but we should employ guidelines for person/tense/voice and other
major stylistic concerns."

Elsewhere, John Hornbeck mentioned the fact that he was thinking of porting the
entire Progeny User Guide over to Ubuntu since it is already a very good
resource. Similar ideas have been leveled in favor of the GNOME documentation.

John Hornbeck posted a summary of the organization of the Ubuntu book that he
is interested in writing. That outline contained:

     1. Installing Ubuntu
          ☆ Simple as pie
          ☆ Windows dual boot notes?
     2. Using Gnome
          ☆ Basic Anatomy
          ☆ Running Applications
          ☆ Managing Windows
          ☆ Finding Files
          ☆ Managing Files
     3. Common Tasks
          ☆ Listen to Music
          ☆ Create an Audio CD
          ☆ Check Email
          ☆ Instant Messaging
          ☆ Burn a Data CD
          ☆ Write a Letter
     4. Software
          ☆ Software Installation/Removal
          ☆ Keeping up to date
     5. Peripherals
          ☆ Digital Camera
          ☆ Scanner
          ☆ External Drives
          ☆ Printers
          ☆ Palm/Pocket PC
     6. System Configuration
          ☆ Boot
          ☆ Device Manager
          ☆ Disks
          ☆ Login Screen Setup
          ☆ Networking
          ☆ Printing
          ☆ Screen Resolution
          ☆ Synaptic Package Manager
          ☆ Time and Date
          ☆ Users and Groups
     7. More Information
          ☆ Command Line
          ☆ Applications for "Switchers"
          ☆ Hardware Compatibility
          ☆ Philosophy

Finally, Enrico Zini proposed using something like CIA to monitor the doc team
subversion repository:

    Some of you are probably aware that it's possible to hook some scripts into
    a subversion repository to get cool things like commit reports mailed to a
    list or cia.navi.cx statistics.

    Sending commit reports here is a bit aggressive, although we could create
    an ubuntu-doc-commits list somewhere. A CIA bot posting commit reports in
    #ubuntu-doc instead could be really cute.

    If we are interested in this, I don't have access to the server, but I can
    help in setting things up.

 

5. More On Language Packs
2004/11/19 - 2004/11/22 (5 posts) Subject: "Discussion destillation: Options
for language packs"
People: Martin Pitt, Carlos Perello Marin

Martin Pitt sent an update to the development list on the work being done on
language packs -- one of the most important Hoary feature goals. Martin went
through an IRC discussion and wrote up a structured overview about the possible
alternatives, their pros (+) and cons (-). This included:

    (F1) single source and binary deb contains program and all available
         translations, no extra language packs (status quo)

     + no effort
     + no version inconsistencies
     + compatible to Debian and third party packages
     + users can compile fully functional packages on their own
     - wastes installed space for unwanted translations
     - updating translations for stable releases requires a lot of
       redundant downloads (since the non-translation part of packages
       does not change)

    (F2) extract translations during package build to separate language debs

     + users can install just the translation(s) they want, space
       efficient on installed system
     + can save space on CDs if we have per-language CDs
     - requires Ubuntu-specific build system, modification of debhelper,
       manual modification of packages that do not use debhelper
     - incompatible to Debian and third party packages, Ubuntu packages
       would conflict to them (because they ship the same files)
     - security updates of packages would drag the need to update the
       language pack(s) as well

       (F2-1) one deb per language that contains translations of all packages

        + no significant increase of number of packages
        - package must be rebuilt after any other package change to update
          the translations; unbearable impact on buildds and mirrors
        - users without huge bandwidth will not be able/willing to
          download big language packs very often (for maybe only one or
          two string updates)

       (F2-2) one deb per package that contains translations for all languages

        + no significantly higher impact on buildds and mirrors
        + space-efficient updates of language packs for stable releases
        o doubles the number of packages, but should be still bearable
        o translation-only updates do not download code any more, but
          still download unwanted translations

       (F2-3) one deb per package and language
        + fine-grained updates with very little mirror and buildd overhead
        + space-efficient updates of language packs for stable releases
        - increases number of packages by factor N (number of supported
          languages, in the order of 10 to 20) -> it takes the 20fold
          amount of bandwidth, time, space, and memory to download and
          process the Packages file, which would probably make them bigger
          than a monolithic per-language deb. However this could be
          alleviated by providing new package sections for each language.

    (F3) Leave original packages as they are and provide incremental
         translation update packages

     + stays compatible to Debian and third party debs
     + only
     - wastes user's disk for unwanted translations
     - brings along translations we do not support
     - same problems as above wrt. updating frequency and mirror impact
       (single deb for all packages) or package number (one translation
       deb per package)

       (F3-1) use dpkg-divert in the language pack to replace changed
              gettext files with newer versions
         - wastes user's disk for the original copy of the translations (that
           is shadowed by the update)

       (F3-2) introduce alternative gettext hierarchy /usr/share/langpack
         + possible to ship po files which only contain the bits that
           really changed, this alleviates the redundant copies
         - necessary to change gettext for that, and all packages that
           include a static copy of gettext

    (F4) Leave original packages as they are and provide translation
         updates without using debs; translations could be directly
         downloaded from Rosetta to /var/cache/locales/, or a
         similar place
     + since this does not touch the archive at all, there is no impact on
       buildds, mirrors, build systems, Package files, etc.
     + can be made fine-grained to download only updates for languages and
       software the user actually wants
     - we need to develop a version control system which decides when to
       use /var/cache/locales/ and when /usr/share/locales (updated
       packages could have newer translations than the ones downloaded
       from Rosetta); this could be done using the timestamp in the po
       files
     o version controlling and downloading should be done in the
       language-support-XX packages (that we need anyway as a metapackage
       for Mozilla/Firefox/etc.); this package should provide a simple
       frontend for triggering updates

    (F5) keep the status quo on the archive servers, but strip off all but
         one/some translations in the debs that are shipped on the CDs
         + easy to achieve without any buildd/mirror hit
         + saves space on CDs (with per-language ones, at least)
         - does not solve the "new translation upgrades" problem any
           better
         - apt will get confused if it sees two available packages with
           same version, but different size
         - insane amount of updated packages at first network update

    (F6) Convert the world to use one common language
     + No technical solution necessary
     + can throw away all translations, saves huge amounts of space on the
       CD that can be filled with indispensable gam^Wproductivity software
       like TuxRacer and Frozen Bubble
     - Sebastien insists to use French, but I do not understand a word of it
     o (SCNR)

    Side note that applies to all options: Translation updates for stable
    releases can easily introduce security holes; if we do this, we must
    review translations very carefully.


Carlos Perello Marin replied to say, "The option I really love is a mix of F2-1
and F2-3, we have a global package per language but based on tasks or groups of
packages, for instance base-l10n-XX, gnome-l10n-XX, server-l10n-XX, etc..."

There is a BOF scheduled to really hash out this problem at the upcoming Ubuntu
conference in Mataró.

 

6. Dropping Support For the Mozilla Suite
2004/11/19 - 2004/11/27 (25 posts) Subject: "Dropping support for Mozilla
suite?"
People: Martin Pitt, Martin Willemoes Hansen

Martin Pitt posted another message to the development and users lists
explaining a plan with Mozilla and asking for comments. The message read:

    In Tuesday's community we discussed about the future of Mozilla. The
    Mozilla foundation seems to fade out support for the legacy Mozilla suite
    (packages mozilla-browser and mozilla-mailnews) in favor of the splitted
    new FireFox and Thunderbird packages.

    Therefore we would like to confine our attention to the new programs and
    drop support for Mozilla in Hoary if there are no serious regressions.

    So we have a question to the community: are there any advantages that you
    see for Mozilla that FireFox/Thunderbird do not have? Would you seriously
    miss Mozilla if we dropped support for it?

Martin Willemoes Hansen objected saying that, "I can get java-applets from sun
going in Mozilla, but not in firefox." psychoelmo pointed the group to the
announcement up at
http://www.mozilla.org/roadmap.html#what-all-this-does-not-mean which basically
says that Mozilla will still be supporting the legacy suite for some time. The
list also saw a deal of positive feedback on the proposal to focus on Firefox
and Thunderbird as well.

 

7. Encrypted Home Directories
2004/11/22 - 2004/11/23 (8 posts) Subject: "Interested in encrypted (home)
directories?"
People: Martin Pitt, Michael Banck, Moritz Muehlenhoff, Tollef Fog Heen

Rounding out a marathon week of posting to the list, Martin Pitt also raised
the issue of encrypted home directories and whether this was something people
wanted. He sent a message saying:

    Today I installed and played around with encfs. It is a nice application of
    FUSE (Filesystem in Userspace) that provides transparent per-directory file
    encryption, which is a major part in providing offline data protection
    especially for laptops.

    encfs is much nicer than using cryptoloop since it does not require
    allocating space for partitions, but directly works with the underlying
    file system. It is reasonably small, does not need any kernel patch or
    support apart from FUSE itself, works reasonably fast, is easy to install
    and provides a good cryptographic offline file system protection.

    However, to make it really useful for Ubuntu, there is still some work to
    do:

      □ A newer FUSE version should be packaged; preferably the Ubuntu standard
        kernel should support FUSE right out of the box. It is a general
        virtual file system layer and has many applications other than
        encrypted directories.
      □ EncFs itself (and a depended-on library, librlog) must be packaged.
        Should be very easy, everything is autofoo'ed.
      □ There should be a nice integration to support encrypted home
        directories; this requires an easy user interface for switching to an
        encrypted home directory and transparently mount it when logging in
        (using a tweaked libpam-mount or sth. similar).

    I think supporting encrypted directories (even complete home directories)
    out of the box would be a cool feature. This might not be something
    supportable for Hoary, because I have to extensively develop and test this.
    However, this should not stop us from developing it now, providing it in
    Hoary's universe and start to support it later.

    If there is a general interest in supporting this, I would like to work on
    this if my other Ubuntu projects leave some time for it.

Michael Banck replied saying, "Wasn't there a policy of only including patches
which are at least submitted upstream? Does anybody know what the Linux people
think about FUSE? Has it entered one of the big branches or will it ever?" 
Moritz Muehlenhoff replied saying, "The author is currently attempting to merge
it upstream. Linus has requested some cleanups, which seem to get taken care
of."

Elsewhere in the thread, encrypted partitions were suggested. Martin Pitt
replied to this saying, "The fact that I do not like about encrypting whole
partitions (dm-crypt, cryptoloop, whatever) is that you either need to ask for
the encryption password at boot time (when mounting the encrypted partition) or
provide every user with his own encrypted partition (encrypted with his login
password, using libpam-mount). The latter option would mean to preallocate
space and partitions for every user. The per-directory based approaches (with
LUFS and FUSE) are a bit more flexible in this regard. Is there any way to make
device-based encryption similarly easy to handle?"

Tollef Fog Heen suggested that, "You could have a "master password" which is
the one used to encrypt the device and then you have a number of different
"slots" where the master password is encrypted using a user password. As long
as the number of users is less than the number of slots, you should be fine and
libpam-mount ought to work. This is basically the approach I was taking in
magicmount, but I haven't had the time to actually code on that lately."
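
Added example, not code from the thread or from magicmount: a Python sketch of
the slot scheme Tollef describes, where one random master key is stored once
per user, wrapped under that user's password. The function names, slot count
and PBKDF2 work factor are assumptions, and XOR with a PBKDF2-derived pad
stands in for the key-wrap cipher a real implementation would use.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32             # bytes in the master key that encrypts the device
PBKDF2_ROUNDS = 100_000  # assumed work factor, chosen for this sketch


class SlotError(Exception):
    """No free slot, or no slot opens with the given password."""


def _pad(password, salt):
    # Stretch the user's password into a KEY_LEN-byte pad. Each slot has its
    # own random salt, so a pad is never reused between slots.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ROUNDS, KEY_LEN)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _check(master):
    # Stored next to the wrapped key so a wrong password is detected instead
    # of silently yielding a garbage master key.
    return hmac.new(master, b"slot-check", hashlib.sha256).digest()


def _wrap(master, password):
    salt = secrets.token_bytes(16)
    # XOR with the derived pad stands in for a real key-wrap cipher here.
    return (salt, _xor(master, _pad(password, salt)), _check(master))


def new_volume(n_slots):
    """Return (empty slot table, fresh random master key)."""
    return [None] * n_slots, secrets.token_bytes(KEY_LEN)


def add_user(slots, master, password):
    """Wrap the master key under `password` in the first free slot."""
    for i, slot in enumerate(slots):
        if slot is None:
            slots[i] = _wrap(master, password)
            return i
    raise SlotError("all key slots are in use")


def unlock(slots, password):
    """Try each occupied slot; return (slot index, master key)."""
    for i, slot in enumerate(slots):
        if slot is None:
            continue
        salt, wrapped, check = slot
        candidate = _xor(wrapped, _pad(password, salt))
        if hmac.compare_digest(_check(candidate), check):
            return i, candidate
    raise SlotError("password does not open any slot")


def change_password(slots, old, new):
    """Re-wrap one slot in place; other slots and the device are untouched."""
    i, master = unlock(slots, old)
    slots[i] = _wrap(master, new)
    return i


def revoke(slots, index):
    """Free a slot so its password no longer opens the device.

    A user who copied the master key while it was unlocked keeps access
    until the device is re-encrypted under a new master key.
    """
    slots[index] = None


if __name__ == "__main__":
    slots, master = new_volume(2)           # constructed two-slot device
    add_user(slots, master, "alice-pw")     # constructed sample passwords
    add_user(slots, master, "bob-pw")
    print(unlock(slots, "bob-pw")[1] == master)   # same key for every user
    try:
        add_user(slots, master, "carol-pw")       # more users than slots
    except SlotError as exc:
        print("refused:", exc)
```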

 

8. Apt Authentication
2004/11/25 (1 post) Subject: "apt authentication"
People: Michael Vogt

Michael Vogt announced some ideas he'd been considering in terms of APT
authentication on the development list:

    I would like to raise some questions regarding the support for gpg signed
    repositories. The apt-secure patch that supports them was merged into the
    apt--authentication arch branch and the patch is used in
    debian/experimental for some time now. From a pure technical point of view
    it should be ready.

    The outstanding issue is the key-management. Matt raised the following
    questions:

     1. How will keys be provided in a fresh install?
     2. How will keys be authenticated?
     3. How will new and updated keys be distributed to existing installations?
     4. How will key revocations be processed?

    The current version will ship with a gpg-keyring in the tarball that
    contains the debian archive signing key. If no keyring is present it will
    install the key in /etc/apt/trusted.gpg. If that file is present it will do
    nothing.

    It will not depend on gpg but only suggest it. This is because it is fully
    functional without gpg.

    As an example I looked at how Conectiva solves the problems 1-4. They use a
    forked version of apt-secure for some time now and they handle the key
    distribution issue a bit different. They do not ship with a keyring. They
    only have it on the install cd. Their archive key is signed by a number of
    Conectiva developers. I have not found out how they handle revocation or
    new keys. Apparently Conectiva Linux 10 uses a key created in 2000.

    URPMI seems to solve the problem by having a pubkey file in the repository.
    It's then just downloaded and used. This (and any form of automatic
    key-updates) looks very dangerous as an attacker that e.g. captured a mirror
    may just sneak in a new pubkey file and sign his rogue packages with that.

Toward the end of the week in a separate thread, Michael Vogt sent another
message saying:

    I put i386 packages of apt with the authentication code enabled at
    people.ubuntulinux.org. Testing is very welcome, please add the following
    line to your /etc/apt/sources.list:

    deb http://people.ubuntulinux.org/~mvo/apt-authentication/ ./

    The package includes the ubuntu archive default signing key. There is also
    the "apt-key" tool included to add more keys. Most tools that depend on apt
    are rebuilt against this version as well (aptitude, synaptic, python-apt,
    gnome-apt, libapt-pkg-perl). If you miss a package, please mail me, I will
    add it to this archive.

 

9. Concerns With Sudo
2004/11/25 - 2004/11/27 (21 posts) Subject: "sudo security concerns ?"
People: Karl Hegbloom, Paul Sladen, Matt Zimmerman, Scott James Remnant

Karl Hegbloom posted a series of concerns he'd had with sudo onto the devel
list. Similar concerns have been voiced several times in the past so I thought
that summarizing the discussion and the results here would be worthwhile. Karl
set up the conversation saying:

    I'm concerned about the security of having 'sudo' available so easily. When
    I run a sudo command, it asks for my password. That's fine, but the second
    time I run it, it does NOT ask for it. Once you authenticate, it remembers
    that and you stay authenticated for a period of time.

    I think that opens up a security hole that could be exploited by 'virus' or
    'trojan horse' writers. When Ubuntu becomes very popular, it will attract
    virus writers just as Windows has. If anything has easy access to 'root',
    it can do pretty much anything it wants to.

    Can sudo be configured, by default, to require a password EVERY time you
    run a sudo command?

Paul Sladen explained that you could set the timeout to zero but, "people get
annoyed at having to enter their password every time; so they fire up a root/su
window and leave it there."

Matt Zimmerman replied saying, "This was discussed months ago; the reality is
that this doesn't open any holes which don't already exist due to the inherent
design of programs like su and sudo. Anyone who has control over a uid with
access to su or sudo has control of root as well." Scott James Remnant replied
saying, "If you run a root shell inside a terminal running as your own UID then
if your account is compromised they can inject key-strokes into it and do
things as root."

The short version is that while there are real weaknesses to this strategy, most
of them exist (or are worse) with alternatives to sudo or with any system that
asks you to type in your password repeatedly.

 

10. Archive Layout
2004/11/26 (2 posts) Subject: "cdimage.ubuntu.com is confusing"
People: Jeff Waugh, Colin Watson

Jeff Waugh sent a message to the devel list saying:

    I'm noticing a lot of people being confused by cdimage.ubuntu.com. We have
    a releases directory, which includes "hoary" and "5.04", so people looking
    for the latest release, or who have heard about this brand new hoary thing
    tend to download it. http://cdimage.ubuntu.com/releases/

    Perhaps we could remove these from releases/ and have a development/ dir at
    the top level, rather like the current sounder-test/? So perhaps it could
    look like this:

    code/
    releases/
      4.10/
      warty -> 4.10/
    development/
      sounder/
        daily/
           20041125/
           current/
        1/
        2/
        3/
      array/
        daily/
        1/
        2/
        3/

    Or something like that. Also, that means if someone's just mirroring the
    releases/ dir, they don't get lumped with the testing releases.

Colin Watson replied saying, "To some extent this is why we created
http://releases.ubuntu.com/; especially your point about people just mirroring
the releases." In terms of the rearrangement, he said: "I wouldn't mind doing
that, although it kind of screws with already-published links. I suppose we
could fix that up with .htaccess."

 

11. Ubuntu Security Notifications
2004/11/23 - 2004/11/25 (2 posts) Subject: "[USN-31-1] cyrus21-imapd
vulnerabilities"

Martin Pitt posted another week's worth of Ubuntu Security Notifications to the
list notifying folks of another rash of bugs and pointing to their fixes. These
included the following:

cyrus21-imapd vulnerabilities

Ubuntu Security Notice USN-31-1 (CAN-2004-1012, CAN-2004-1013)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: cyrus21-imapd

Fix: The problem can be corrected by upgrading the affected package to version
2.1.16-6ubuntu0.1. In general, a standard system upgrade is sufficient to
effect the necessary changes.

More Information:
http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-November/000033.html

mysql-dfsg vulnerabilities

Ubuntu Security Notice USN-32-1 (CAN-2004-0836, CAN-2004-0837, CAN-2004-0956,
CAN-2004-0957)

Affected Release: Ubuntu 4.10 (Warty Warthog)

Affected Packages are: mysql-server

Fix: The problem can be corrected by upgrading the affected package to version
4.0.20-2ubuntu1.1. In general, a standard system upgrade is sufficient to
effect the necessary changes.

More Information:
http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-November/000034.html

 

 

 

 

 

 

                       We Hope You Enjoy Ubuntu Traffic

Ubuntu Traffic is created and produced by Canonical Ltd. All pages are
copyright Canonical.


