Security Team Monthly Summary, April
Robbie Williamson
robbie at ubuntu.com
Thu Apr 29 10:04:38 BST 2010
Jamie Strandboge
================
Apr5 - Apr11
Role: triager
== Issue Tracking ==
* bug triage (very little -- will catch up on Monday)
* cve triage
* review memcached issue for server team
== Updates ==
* clamav:
- sponsor rdepends updates for Intrepid
- analyze, patch, test, build, publish USN-926-1
* moin update:
- analyze, patch, test, build, publish USN-925-1
- QRT: added tests and updates
* erlang update:
- analyze, patch, test, build, publish USN-624-2
- QRT: write (small) test-erlang.py
* nss update: test, publish USN-927-1
* firefox update: test, publish USN-920-1 and USN-921-1
* nss regression: triage, test, publish USN-927-2 and USN-927-3
* embargoed update: analyze, patch
== Technology Development ==
* Libvirt
  * fix pcidev in 0.7.7
  * send all 0.7.7 work upstream. It was all accepted except the
    save/restore patch which required internal API changes. This should
    be committed when the next upstream features merge window opens
  * backport fixes for:
    * LP: #545426 (SDL support broken when using apparmor)
    * LP: #470636 (AppArmor security driver does not support
      backingstore)
    * LP: #545795 (apparmor driver blocks access to hostdev and pcidev)
  * prepare/test/upload 0.7.5-5ubuntu18 and 19 to Lucid
* ISO testing (lots)
  * raid1/ext3 failure. file/follow up on LP: #557429 (booting out of
    sync RAID1 array fails with ext3 (comes up as already in sync))
* AppArmor
  * fix LP: #558432 (apparmor profile blocks access to apturl)
== Community ==
* ReleaseStatus meeting
== Archive ==
* process NEW
Apr12 - Apr18
Role: triager/community (filled in for Kees and Marc, who were out part
of the week)
== Issue Tracking ==
* bug triage
* cve triage
- regular triage (lots)
- go through all firefox and convert firefox to xulrunner for active
CVEs
- various other CVE cleanups
* UST: update debcompare to work around (LP: #558626 -- ld.so crashes
  on -dbg packages)
* UCT
- discover, investigate and file RT ticket on redirects of
non-numeric CVEs
- adjust formatting of .pkg table
== Updates ==
* nss: file LP: #562332 (need to update to 3.12.6) and discuss
NSS/mozilla testing with chrisccoulson
* sudo update: testing, publish USN-928-1
* koffice update: analyze
* cmake update:
- analyze, patch, build, test, publish USN-890-6
- QRT: wrote test-cmake.py
* cron update: analyze, build, test, publish to Lucid (minor issue)
* phpmyadmin sponsored upload for Dapper
* irssi update: analyze, patch, build, test, publish USN-929-1
* perform security fake-syncs
* kdebase-workspace (kdm) update: review patch from Riddell, build,
test
* netpbm-free update: analyze, patch, build
== Technology Development ==
* AppArmor: stress test new kernel
* Libvirt:
  * virt-aa-helper profile fine-tuning
  * QRT: update libvirt tests to make sure the profile is unloaded in
    addition to the process being unconfined
* gsasl merge (LP: #548480)
== Community ==
* ReleaseStatus meeting
== Archive ==
* process NEW
Apr19 - Apr25
Role: happy place
== Issue Tracking ==
* bug triage
* ubuntu-maintenance-check.py review with security team for mvo
* component-mismatches/seeds/5yr support discussion
== Updates ==
* kdm update: test, publish USN-932-1
* irssi regression update: analyze, patch, build, test, publish
USN-929-2
* test gnome-keyring for pitti LP: #566046
* update schroots to use aufs
== Technology Development ==
* follow up on plymouth bugs: #564471 and #521298
* follow up/discuss LP: #566207 (apparmor blocks evince
from /usr/bin/dbus-launch)
* Libvirt:
  * fix usr.lib.libvirt.virt-aa-helper profiling bugs
  * triage/fix LP: #567392 (__virExec:362 : cannot create pipe: Too many
    open files)
  * QRT: update test-libvirt.py for FD leaks
* UDS topics (opie/s/key and securid discussion)
* follow up on all my open/assigned bugs
* iso testing
* upgrade testing -- hardy - lucid
== Community ==
* ubuntu-security meeting
* ReleaseStatus meeting
== Audit ==
* Install testing:
  * file LP: #569085 (improper group write permission for error.log)
  * file LP: #569118 (improper group write permission
    for /var/lib/tomcat6/webapps)
  * investigate suid/sgid in full (i.e., all non-eucalyptus tasks) server
    installs
== Archive ==
* process NEW
== Miscellaneous ==
* various hardy/karmic upgrades to lucid
Kees Cook
=========
Apr05 - Apr11
Weekly Role: community
== Issue Tracking ==
* triaged 42 CVEs
* reviewed New security bugs.
== Updates ==
* tested and published openjdk-6 update (USN-923-1)
* built, tested, and published krb5 updates (USN-924-1)
== Technology Integration ==
* reviewing more "unknown" segv parser results.
* merged debmirror with Debian.
* fighting with partitions to install grub2 under VMs.
* cleaned up SELinux early-start routines (LP: #556823).
== Auditing ==
* validated that raid1 install works correctly
* investigating 64bit SIGBUS in glibc (LP: #558626).
* working to reproduce AppArmor hangs and corruptions.
== Community ==
* security team meeting
* Tech Board meeting
* updated security feature matrix and friends for 10.04.
Apr12 - Apr18
Weekly Role: triage (short week, on vacation)
== Issue Tracking ==
* reviewed new security bugs.
== Auditing ==
* wrote vmalloc memory kernel module stress tester.
* reproducing AppArmor hangs, corruption, finally caught crasher in VM
* ISO testing
== Community ==
* security team meeting
Apr19 - Apr25
Weekly Role: community (4-day week, vacation on 19th)
== Technology Development ==
* examining maint-check 18m/3y/5y lists with mvo, jdstrand, mdeslaur
== Technology Integration ==
* merged, tested, and published selinux lucid updates from tresys
== Auditing ==
* checking uninstallable local software with new update-manager tools
* checking on python stack crashes for doko, seems to be old kernel
issue
* quick review of VLC last-minute upload from jdong
* ISO testing
== Community ==
* security team meeting
* Tech Board meeting
Marc Deslauriers
================
Apr5 - Apr11
Short week due to Monday being a holiday.
Weekly role: community
== Updates ==
* Worked on ffmpeg updates
== Technology development ==
* qa-regression-testing:
- scripts/test-ffmpeg.py: new testing script
* Discussed and researched parted bug with kees (LP: #556167)
* Discussed rkhunter issue, fixed, and uploaded fix (LP: #556455)
* Reviewed apache2 backport for zul
* Tested WPA2-Enterprise support in lucid and updated bug (LP: #445487)
== Community ==
* Sponsored mahara community security updates
* Sponsored mediawiki community security updates
== Canonical ==
* Security team weekly meeting
Apr12 - Apr18
Out Sick
Apr19 - Apr25
Weekly role: triage
== Issue Tracking ==
* CVE triage
* security bug triage
== Updates ==
* Worked on, tested and released USN-931-1: FFmpeg vulnerabilities
* Researched php5 CVEs
* Worked on texlive-bin CVEs
* Researched ffmpeg regression
== Technology development ==
* Investigated login password in gnome-keyring (LP: #566046)
* Added more info to DebuggingScreenLocking wiki page
* qa-regression-testing:
- scripts/test-ffmpeg.py: adjusted for i386
* Discussed seeds and LTS support lifetimes with mvo, kees, jdstrand
* Performed ISO testing
* Discussed opie and s/key with jdstrand
* Struggled with schroots, fixed free space bug in sbuild
* Discussed chkrootkit false alerts with MagicFab
== Canonical ==
* Security team weekly meeting
--
Robbie Williamson robbie at ubuntu.com
Ubuntu robbiew[irc.freenode.net]
"You can't be lucky all the time, but you can be smart everyday"
-Mos Def
"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)