Security Team Weekly Summary, 2009-10-26

Robbie Williamson robbie at ubuntu.com
Tue Oct 27 12:20:48 GMT 2009


= Jamie Strandboge =
Short week due to vacation (off Oct 12 and 13)
Role: community

== Issue Tracking ==
 * bug triage
 * CVE triage

== Updates ==
 * libsndfile:
  * testing, publication
  * QRT: update test-libsndfile.py
 * elinks update: analyze, patch, build
 * perform fake syncs from Debian:
  * jaunty: graphicsmagick, gforge, libapache-mod-jk
  * intrepid: libapache-mod-jk
  * dapper: eggdrop, netrik, links

== Technology Development ==
 * AppArmor
  * write apparmor-notify in apparmor-inprogress-profiles
  * fix LP: #449286 for firefox and evince (apparmor breaks zotero
    extension for firefox)
  * fix LP: #449423 (report a problem is broken because of apparmor)
  * discover, investigate, file, discuss at length with jjohansen LP:
    #451375 (apparmor disallows truncate of deleted file)
  * fix LP: #439484 (firefox profile for mplayer plugin)
  * fix LP: #439484 (evince profile for accessing files in mozilla's
    cache)
  * prepare/test/upload apparmor 2.3.1+1403-0ubuntu26
  * file and discuss with jjohansen LP: #451422 (cannot override a
    generic deny rule with a more specific allow rule)
  * fix LP: #448671 (virt-aa-helper fails with host os type is x86_64
    and guest arch='i686')
  * fix LP: #452057 (evince apparmor profile blocks DVI printing)
 * follow up on LP: #400682 ([Karmic stac9227 regression] No sound
   after upgrade from Jaunty to Karmic)
 * QRT:
  * update libvirt-apparmor.sh to test LP: #448671
  * update libvirt-apparmor.sh for virtio tests
 * thoroughly test virt-manager:
  * file LP: #453335 (apparmor complains about write access to a
    readonly file)
  * file and fix LP: #453329 (libvirt apparmor profile denies access to
    pulseaudio)
  * discuss pulseaudio/kvm/libvirt woes with kirkland and file LP:
    #453453 (libvirt sometimes hangs when using pulseaudio)
  * file LP: #453467 (virt-manager traceback if select an architecture
    during VM creation)
  * file LP: #453495 (virt-manager does not honor other architectures
    when using qemu)
  * add new tests to SecurityTeam/Specifications/AppArmorLibvirtProfile

== Community ==
 * update release notes for firefox and AppArmor
 * prepare for and participate in release meeting



= Kees Cook =
Weekly Role: happy-place

== Updates ==
 * review/publish python-django update to karmic (LP: #447617, #445639)
 * reviewing/testing kernel security updates from ogasawara.

== Technology Development ==
 * fixed unsafe /tmp usage in Eucalyptus (LP: #445105).

== Technology Integration ==
 * working on getting the m2crypto testsuite running.

== Auditing ==
 * reviewed/closed rsyslog bug as it was likely udev's fault (LP: #423943)
 * failing to reproduce screen saver crashes (LP: #446395)
 * reviewed proposed euca_rootwrap changes (LP: #436977)
 * reviewed and merged apport fixes from bdmurray.
 * trying to reproduce/debug gnome-screensaver crash (LP: #446395)
 * testing apt cron failures (LP: #449535)
 * checked on LP cookie security some more for kfogel.
 * investigated blkid bug with bdmurray (LP: #452503).
 * hunting source of HUP-blocking in m2crypto build (LP: #453460)

== Community ==
 * helping a user test their NX protections.
 * updated documentation on NX protections.
 * created AppArmor development team.


= Marc Deslauriers =
Weekly role: triage

Monday the 12th was a holiday for me.

== Issue Tracking ==
 * CVE triage
 * security bug triage

== Updates ==
 * Worked on, tested and released USN-848-1: Zope vulnerabilities
 * Worked on poppler CVEs

== Technology development ==
 * Researched and fixed gdm-guest-session bug (LP: #449712)
 * Researched and fixed AppArmor null profile parsing (LP: #446524)


-- 
Robbie Williamson <robbie at ubuntu.com>
Ubuntu



