Security Team Weekly Status, 2009-10-13

Robbie Williamson robbie at ubuntu.com
Tue Oct 13 22:29:20 BST 2009


= Jamie Strandboge =
Short week due to vacation (off Oct 9)
Role: triager

== Issue Tracking ==
 * bug triage
 * CVE triage (lots)
 * UCT
  * have 'devel' release match reality based on the releases found in
    the CVE
  * fix some html reporting bugs

== Updates ==
 * openoffice.org update: testing publish (USN-840-1)
 * file LP: #443071 (can't publish a specific architecture after source
   is already published)
 * Debian security syncs
  * discuss stefanlsd's script to report Debian security vulnerabilities
    fixed in Debian but not yet fixed in Ubuntu. This was discussed at
    UDS Karmic to identify low-hanging fruit for Universe and Multiverse
    security updates.
  * write fake-security-sync
  * fake sync over 40 universe security updates from Debian. Syncs
should now be up-to-date but there are a lot of merges that community
members can dive into.
 * sponsor wget upload for mdeslaur
 * icu update (USN-846-1)
 * devscripts update
  * USN-847-1, USN-847-2
  * QRT: write test-devscripts.py for uscan
 * libsndfile update: (analyze, patch, build)

== Technology Development ==
 * AppArmor/libvirt
  * test/upload pending fixes for LP: #438165, LP: #437854 and LP:
    #432810
  * adjust patch for upstream inclusion (it is now ACCEPTED, yay!)
  * QRT: add USB attach/detach test
 * fix LP: #444839 (allow access to /usr/local/share/** for themes)
 * fix LP: #445442 (synce-hal doesn't work with dhclient3 apparmor
   profile)
 * follow up on LP: #412242 with Debian (ntp FTBFS: error: 'MOD_NANO'
   undeclared)
 * follow up on LP: #322348 (slapd cannot read nscd files on Hardy)
 * test jj's kernel fix for LP: #427948 (network operations not getting
   reported on karmic)

== Community ==
 * participate in security team meeting
 * endorse mdeslaur for core-dev


= Kees Cook =
Weekly Role: community

== Issue Tracking ==
 * reviewed New apparmor bugs.
 * reviewed security patches in need of sponsoring.

== Updates ==
 * built/tested/published glib2.0 update (USN-841-1)

== Technology Development ==
 * rewrote eucalyptus root wrapper (LP: #436977)

== Technology Integration ==
 * merge/FFe for logwatch (LP: #443252)
 * Fix SELinux with new GDM (LP: #430205)

== Auditing ==
 * reviewed pending kernel patches with ogasawara.
 * reviewed/sponsored mimetex upload from mdeslaur.
 * helping with avahi-publish and eucalyptus.
 * reviewed/merged apport-collect bugfixes from bdmurray.

== Community ==
 * security team meeting
 * converted SELinux wiki page to sensible landing page (moved Spec)


= Marc Deslauriers =
Weekly role: happy place

== Updates ==
 * Worked on, tested and released USN-842-1: Wget vulnerability
 * Worked on, tested and released USN-843-1: BackupPC vulnerability
 * Worked on, tested and released USN-844-1: mimeTeX vulnerabilities
 * Worked on, tested and released USN-845-1: Pan vulnerability
 * Researched and worked on zope3 CVEs

== Technology development ==
 * Had problem with unembargo script and opened bug (LP: #443075)
 * Did some tests with 100% cpu usage xorg bug. (LP: #439138)
 * Opened a bug about a button problem in gedit (LP: #443425)
 * Commented on libapache2-mod-auth-pam bug (LP: #130099)
 * Performed test and commented on jockey bug (LP: #439530)
 * Discovered apparmor user-space bug (LP: #446524)
 * Researched zope bug (LP: #356137)
 * Tested apparmor test kernel
 * qa-regression-testing:
   - Wrote test-wget.py testing script
   - Wrote test-mimetex.py testing script
   - Wrote test-zope3.py testing script


-- 
Robbie Williamson <robbie at ubuntu.com>
Ubuntu




More information about the ubuntu-devel mailing list