Security Team Weekly Report, 2009-09-15

Robbie Williamson robbie at ubuntu.com
Tue Sep 15 15:18:48 BST 2009


= Jamie Strandboge =
Role: happy place

== Issue Tracking ==
 * bug triage
 * CVE triage

== Updates ==
 * openssl sponsored upload for mdeslaur
 * qt4-x11 update
  * analyze, patch, build, test, publish (USN-829-1)
  * write and integrate reproducer into QRT
 * firefox update (test, publish USN-821-1)
 * investigate gnutls openpgp regression
 * ia32-libs update for Karmic

== Technology Development ==
 * AppArmor/libvirt
  * upstream resubmission #1 (based on initial feedback)
  * fix LP: #427338 (apparmor profile for libvirtd should be in enforce mode)
  * update README.Debian documentation to match upstream
  * start testing upstream patches for karmic
 * file and follow up on LP: #427900 (nautilus (via gvfs) shows all my schroots in Places)

== Community ==
 * update https://wiki.ubuntu.com/KarmicKoala/TechnicalOverview for apparmor and ufw
 * blog about AppArmor/SFTP technique

== Archive ==
 * binary deNEW linux-mvl-dove
 * fix synclib.py to work when there is no previous version
 * fix backport.py to handle requestor with hidden email address
 * process sync requests
 * process various bugs and backports
 * process NEW


= Kees Cook =
Weekly Role: triage

== Issue Tracking ==
 * triaged about 150 CVEs
 * triaged security bugs
 * investigating rhythmbox overflow heap execution (LP: #427602).

== Updates ==
 * tested/published pam updates (USN-828-1)
 * patch/build/test glib2.0 updates

== Technology Development ==
 * proposed change to glibc malloc error template.

== Technology Integration ==
 * discussed remaining AppArmor userspace bugs.
 * fixed bug in Apport where gdb output was going missing.
 * updated AppArmor to delay mount point testing.
 * sponsored upload of ubuntu-dev-tools bug-fix (LP: #416438).
 * update udev with upstream commits (LP: #385934, #407428).
 * discussing apache2 apparmor packaging.

== Auditing ==
 * investigated openssl chain validation failures (LP: #421027)
 * investigated pam bugs LP: #426923, #426658

== Community ==
 * review/upload gnome-ppp from mdeslaur.



= Marc Deslauriers =
Weekly role: community

== Updates ==
 * Researched and worked on htmldoc updates
 * Researched and worked on openssl updates
   - Sent patch URL to Debian regression bug report
 * Researched and worked on openexr updates

== Technology development ==
 * qa-regression-testing:
   - Added tests to test-openssl.py
   - Wrote test-openexr.py testing script
 * Opened evolution bug "contacts displayed twice in new email contact list" (LP: #428917)
 * AppArmor
   - Worked on apache2 profile
   - Researched and opened bug "aa-logprof doesn't handle "open" log entries" (LP: #427966)
   - Researched and opened bug "network operations not getting reported on karmic" (LP: #427948)

== Community ==
 * Applied for MOTU




