Security Team Weekly Summary, 2009-10-26
Robbie Williamson
robbie at ubuntu.com
Tue Oct 27 12:20:48 GMT 2009
= Jamie Strandboge =
Short week due to vacation (off Oct 12 and 13)
Role: community
== Issue Tracking ==
* bug triage
* CVE triage
== Updates ==
* libsndfile:
  * testing, publication
  * QRT: update test-libsndfile.py
* elinks update: analyze, patch, build
* perform fake syncs from Debian:
  * jaunty: graphicsmagick, gforge, libapache-mod-jk
  * intrepid: libapache-mod-jk
  * dapper: eggdrop, netrik, links
== Technology Development ==
* AppArmor
  * write apparmor-notify in apparmor-inprogress-profiles
  * fix LP: #449286 for firefox and evince (apparmor breaks zotero
    extension for firefox)
  * fix LP: #449423 (report a problem is broken because of apparmor)
  * discover, investigate, file, discuss at length with jjohansen LP:
    #451375 (apparmor disallows truncate of deleted file)
  * fix LP: #439484 (firefox profile for mplayer plugin)
  * fix LP: #439484 (evince profile for accessing files in mozilla's
    cache)
  * prepare/test/upload apparmor 2.3.1+1403-0ubuntu26
  * file and discuss with jjohansen LP: #451422 (cannot override a
    generic deny rule with a more specific allow rule)
  * fix LP: #448671 (virt-aa-helper fails with host os type is x86_64
    and guest arch='i686')
  * fix LP: #452057 (evince apparmor profile blocks DVI printing)
* follow up on LP: #400682 ([Karmic stac9227 regression] No sound
  after upgrade from Jaunty to Karmic)
* QRT:
  * update libvirt-apparmor.sh to test LP: #448671
  * update libvirt-apparmor.sh for virtio tests
* thoroughly test virt-manager:
  * file LP: #453335 (apparmor complains about write access to a
    readonly file)
  * file and fix LP: #453329 (libvirt apparmor profile denies access to
    pulseaudio)
  * discuss pulseaudio/kvm/libvirt woes with kirkland and file LP:
    #453453 (libvirt sometimes hangs when using pulseaudio)
  * file LP: #453467 (virt-manager traceback if select an architecture
    during VM creation)
  * file LP: #453495 (virt-manager does not honor other architectures
    when using qemu)
* add new tests to SecurityTeam/Specifications/AppArmorLibvirtProfile
== Community ==
* update release notes for firefox and AppArmor
* prepare for and participate in release meeting
= Kees Cook =
Weekly Role: happy-place
== Updates ==
* review/publish python-django update to karmic (LP: #447617, #445639)
* reviewing/testing kernel security updates from ogasawara.
== Technology Development ==
* fixed unsafe /tmp usage in Eucalyptus (LP: #445105).
== Technology Integration ==
* working on getting the m2crypto testsuite running.
== Auditing ==
* reviewed/closed rsyslog bug as it was likely udev's fault (LP: #423943)
* failing to reproduce screen saver crashes (LP: #446395)
* reviewed proposed euca_rootwrap changes (LP: #436977)
* reviewed and merged apport fixes from bdmurray.
* trying to reproduce/debug gnome-screensaver crash (LP: #446395)
* testing apt cron failures (LP: #449535)
* checked on LP cookie security some more for kfogel.
* investigated blkid bug with bdmurray (LP: #452503).
* hunting source of HUP-blocking in m2crypto build (LP: #453460)
== Community ==
* helping a user test their NX protections.
* updated documentation on NX protections.
* created AppArmor development team.
= Marc Deslauriers =
Weekly role: triage
Monday the 12th was a holiday for me.
== Issue Tracking ==
* CVE triage
* security bug triage
== Updates ==
* Worked on, tested and released USN-848-1: Zope vulnerabilities
* Worked on poppler CVEs
== Technology development ==
* Researched and fixed gdm-guest-session bug (LP: #449712)
* Researched and fixed AppArmor null profile parsing (LP: #446524)
--
Robbie Williamson <robbie at ubuntu.com>
Ubuntu