Security Team Weekly Status, 2009-10-13
Robbie Williamson
robbie at ubuntu.com
Tue Oct 13 22:29:20 BST 2009
= Jamie Strandboge =
Short week due to vacation (off Oct 9)
Role: triager
== Issue Tracking ==
* bug triage
* CVE triage (lots)
* UCT
* have 'devel' release match reality based on the releases found in
the CVE
* fix some html reporting bugs
== Updates ==
* openoffice.org update: testing publish (USN-840-1)
* file LP: #443071 (can't publish a specific architecture after source
is already published)
* Debian security syncs
* discuss stefanlsd's script to report Debian security vulnerabilities
fixed in Debian but not yet fixed in Ubuntu. This was discussed at
UDS Karmic to identify low-hanging fruit for Universe and Multiverse
security updates.
* write fake-security-sync
* fake sync over 40 universe security updates from Debian. Syncs
should now be up-to-date but there are a lot of merges that community
members can dive into.
* sponsor wget upload for mdeslaur
* icu update (USN-846-1)
* devscripts update
* USN-847-1, USN-847-2
* QRT: write test-devscripts.py for uscan
* libsndfile update: (analyze, patch, build)
== Technology Development ==
* AppArmor/libvirt
* test/upload pending fixes for LP: #438165, LP: #437854 and LP:
#432810
* adjust patch for upstream inclusion (it is now ACCEPTED, yay!)
* QRT: add USB attach/detach test
* fix LP: #444839 (allow access to /usr/local/share/** for themes)
* fix LP: #445442 (synce-hal doesn't work with dhclient3 apparmor
profile)
* follow up on LP: #412242 with Debian (ntp FTBFS: error: 'MOD_NANO'
undeclared)
* follow up on LP: #322348 (slapd cannot read nscd files on Hardy)
* test jj's kernel fix for LP: #427948 (network operations not getting
reported on karmic)
== Community ==
* participate in security team meeting
* endorse mdeslaur for core-dev
= Kees Cook =
Weekly Role: community
== Issue Tracking ==
* reviewed New apparmor bugs.
* reviewed security patches in need of sponsoring.
== Updates ==
* built/tested/published glib2.0 update (USN-841-1)
== Technology Development ==
* rewrote eucalyptus root wrapper (LP: #436977)
== Technology Integration ==
* merge/FFe for logwatch (LP: #443252)
* Fix SELinux with new GDM (LP: #430205)
== Auditing ==
* reviewed pending kernel patches with ogasawara.
* reviewed/sponsored mimetex upload from mdeslaur.
* helping with avahi-publish and eucalyptus.
* reviewed/merged apport-collect bugfixes from bdmurray.
== Community ==
* security team meeting
* converted SELinux wiki page to sensible landing page (moved Spec)
= Marc Deslauriers =
Weekly role: happy place
== Updates ==
* Worked on, tested and released USN-842-1: Wget vulnerability
* Worked on, tested and released USN-843-1: BackupPC vulnerability
* Worked on, tested and released USN-844-1: mimeTeX vulnerabilities
* Worked on, tested and released USN-845-1: Pan vulnerability
* Researched and worked on zope3 CVEs
== Technology development ==
* Had problem with unembargo script and opened bug (LP: #443075)
* Did some tests with 100% cpu usage xorg bug. (LP: #439138)
* Opened a bug about a button problem in gedit (LP: #443425)
* Commented on libapache2-mod-auth-pam bug (LP: #130099)
* Performed test and commented on jockey bug (LP: #439530)
* Discovered apparmor user-space bug (LP: #446524)
* Researched zope bug (LP: #356137)
* Tested apparmor test kernel
* qa-regression-testing:
- Wrote test-wget.py testing script
- Wrote test-mimetex.py testing script
- Wrote test-zope3.py testing script
--
Robbie Williamson <robbie at ubuntu.com>
Ubuntu
More information about the ubuntu-devel
mailing list