Security Team Weekly Summary, 2009-01-24

Robbie Williamson robbie at ubuntu.com
Tue Feb 9 07:30:54 GMT 2010


= Jamie Strandboge =
Role: community

Short week due to US holiday on Monday

== Issue Tracking ==
 * bug triage
 * CVE triage
  * triage packages with embedded expat

== Updates ==
 * help push squirrelmail sponsored upload along (LP: #446838)
 * proftpd sponsored upload (LP: #508738)
 * fake-syncs: horde3/jaunty
 * expat
  * Lucid merge
  * analyze, patch, build, test, publish USN-890-1
  * QRT: write test-expat.py (use W3C XML Test Suite)
 * python2.5
  * analyze, patch, build, test, publish USN-890-2
  * QRT: update test-python.py to use W3C XML Test Suite
 * python2.4: analyze, patch, build, test, publish USN-890-3
 * review/discuss CVE-2008-5161 with cjwatson and server team

== Technology Development ==
 * AppArmor
  * adjust firefox profile in all branches for dirname, pwd and IBM java
  * investigate firefox-3.6 issue (path changed)
  * firefox-3.6 packaging (desktop-lucid-new-firefox-support-model: 
    update apparmor profile packaging to handle static build name 
    transition)
  * libvirt upstream: verify upstream virFileResolveLink() changes don't
    break apparmor security driver
  * start libvirt merge
 * ufw: finish/commit parser improvements

== Community ==
 * ubuntu-security meeting
 * ReleaseStatus meeting

== Archive ==
 * process NEW

== Miscellaneous ==
 * learn about/use bzr merge-package



= Kees Cook =
Weekly Role: triage

== Issue Tracking ==
 * triaged 48 CVEs
 * tracking down kernel CVE names.

== Technology Development ==
 * updated nx-emu brk collision patch (LP: #452175)
 * wrote HTML exporter for CVE exposure graphs.
 * updated UTC handling in cve_lib.
 * correctly export per-package/release priorities to HTML output.
 * developed CLONE_NEWNET wrapper for schroot.

== Technology Integration ==
 * published per-package counts for CVE updates.
 * hunting build failures from texlive-base being out of date (LP: #509981).
 * created SELinux upstart job for restorecon of /tmp.
 * filed /tmp clearing race bug (LP: #511351).
 * merged texlive-extra.

== Auditing ==
 * reviewed virtuoso-opensource MIR (LP: #503774)
 * reviewed kvm-touchpad MIR (LP: #508824)
 * reviewed squid-deb-proxy configurations for mvo.

== Community ==
 * security team meeting
 * DMB meeting



= Marc Deslauriers =
Weekly role: happy place

== Updates ==
 * Worked on, tested and released USN-887-1: LibThai vulnerability
   - Fixed duplicate USN number problem
 * Worked on, tested and released USN-888-1: Bind vulnerabilities
 * Worked on, tested and released USN-889-1: gzip vulnerabilities
 * Worked on MySQL issues

== Technology development ==
 * Created apport hooks for gnome-screensaver
 * qa-regression-testing:
   - scripts/test-gzip.py: wrote new test script
                                  



-- 
Robbie Williamson                                     robbie at ubuntu.com
Ubuntu                                         robbiew[irc.freenode.net]                               

"You can't be lucky all the time, but you can be smart everyday" 
 -Mos Def

"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)



