Debian Project News - January 7th, 2013

Welcome to this year's first issue of DPN, the newsletter for the Debian community. Topics covered in this issue include: security breach: global passwords reset

Steve McIntyre, administrator of the Debian wiki, announced that due to a security breach, all account passwords are being reset. In order to regain access to your wiki account, you'll need to follow the password recovery process. In the mail, Steve explained that the Debian Security Team recently found a vulnerability in the moin package which had been succesfully exploited for The wiki has already been moved to another server and an audit of the old server is ongoing.

Bits from the DPL

Stefano Zacchiroli sent his monthly report of DPL activities for December 2012. Stefano reported about progress in the DPL helpers experiment, as well as collaborations with external projects such as the Open Source Initiative (OSI) and Free Software Foundation (FSF). In addition, Stefano reported that the domain is finally under control of the Debian System Administrators.

Other news

The thirty-first issue of the miscellaneous news for developers has been released and covers the following topics:

Andreas Tille announced that the statistics about selected Debian teams have been updated, and now include all of 2012.

New Debian Contributors

1 people have started to maintain packages since the previous issue of the Debian Project News. Please welcome David Smith into our project!

Release-Critical bugs statistics for the upcoming release

According to the Bugs Search interface of the Ultimate Debian Database, the upcoming release, Debian Wheezy, is currently affected by 171 Release-Critical bugs. Ignoring bugs which are easily solved or on the way to being solved, roughly speaking, about 116 Release-Critical bugs remain to be solved for the release to happen.

There are also more detailed statistics as well as some hints on how to interpret these numbers.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): wireshark, mahara, elinks, moin, virtualbox-ose, ghostscript, mediawiki-extensions, rails, weechat, nss, cups, gnupg, and gnupg2. Please read them carefully and take the proper measures.

Please note that these are a selection of the more important security advisories of the last weeks. If you need to be kept up to date about security advisories released by the Debian Security Team, please subscribe to the security mailing list (and the separate backports list, and stable updates list) for announcements.

Work-needing packages

Currently 519 packages are orphaned and 141 packages are up for adoption: please visit the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at

To receive this newsletter in your mailbox, subscribe to the debian-news mailing list.

Back issues of this newsletter are available.

This issue of Debian Project News was edited by C├ędric Boutillier, Francesca Ciceri and Justin B Rye.