Security Team Weekly Summary, 2009-10-05

Robbie Williamson robbie at ubuntu.com
Mon Oct 5 23:20:27 BST 2009


= Jamie Strandboge =
Role: happy place

== Issue Tracking ==
* bug triage
* CVE triage

== Updates ==
* openoffice.org update:
  * USN-840-1
  * QRT: add test cases and adjust test-openoffice.org for 9.04 and
    higher
  * QRT: update documentation to make building/patching OO.o more
    reproducible
  * UST: various umt and debcompare updates

== Technology Development ==
* AppArmor/libvirt
  * discuss/develop fix for LP: #438165 (apparmor profiles are never
    deleted) PENDING
  * fix LP: #437854 (allow access for sound) PENDING
  * quote pid, monitor and logfile (complete fix for LP: #432810)
    PENDING
  * follow-up with upstream for inclusion
* ISO testing for beta (lots)
  * follow up on LP #432959 (empty barriers not supported by kvm
    virtio_blk - "end_request: I/O error, dev vda, sector 0" log spam)
  * file bug #439560 (cross namespace ptrace should not be rejected by
    AppArmor)
* file and help debug bug #440071 (initctl hangs boot)

== Archive ==
* sync requests
* process NEW

== Community ==
* participate in security team meeting
* prepare for/participate in release meeting


= Kees Cook =
Weekly Role: triage

== Issue Tracking ==
* 124 CVEs triaged
* fixed URL publication in CVE export tool.
* security bugs reviewed.

== Technology Integration ==
* updating documentation on Karmic security features.
* merged valgrind (LP: #423485)
* fixed setuid call in xsplash (LP: #439272)

== Auditing ==
* investigated ancient amsn issue (CVE-2007-2195)
* investigated arm chroot binfmt confusion (LP: #427863)
* karmic beta ISO install testing.
* investigating/fixing onboard/gdm flaw (LP: #440371)

== Community ==
* security team meeting
* reviewed/built/uploaded desktopcouch for cmiller.
* discussing apparmor sandboxing with jdong, jdstrand.
* global-jam with OSUOSL.


= Marc Deslauriers =
Weekly role: community

== Updates ==
* Worked on, tested and released USN-838-1: Dovecot vulnerabilities
* Worked on, tested and released USN-839-1: Samba vulnerabilities
* Researched php5 CVEs
* Researched and worked on backuppc CVEs

== Technology development ==
* qa-regression-testing:
   - Added to test-samba.py testing script

== Community ==
* Sponsored nginx security updates



-- 
Robbie Williamson <robbie at ubuntu.com>
Ubuntu



