Security Team Weekly Summary, 2009-01-11
Robbie Williamson
robbie at ubuntu.com
Tue Jan 12 21:54:54 GMT 2010
= Jamie Strandboge =
Role: happy place
== Issue Tracking ==
* CVE triage
== Updates ==
* postgresql publication (USN-876-1)
* transmission update (analyze, patch, learn about bittorrent trackers, test)
* firefox update (test and publish USN-877-1 and USN-878-1)
== Technology Development ==
* libvirt: investigate/discuss 0.7.5 merge -- will merge but without the libvirt-qemu non-root change in Debian (we have AppArmor and this change is too drastic for Lucid (per ttx, jib and soren))
* newt sync
* tcpdump merge
* apparmor:
- discuss/fix/upload LP: #274350: apparmor HOMEDIRS not adjusted for likewise
- security-lucid-apparmor-usability: start on enumerating home directories to adjust tunables
- discuss firefox profile with ubuntu-mozillateam
- discuss/fix/upload LP: #447292: debconf setting for HOMEDIRS
* QRT:
- add documentation for Apache2 to README.multipurpose-vm
- add documentation for bittorrent tracker server, clients, protocol and testing
* install Lucid on laptop (T42)
* The bad news, filing/investigating/commenting on the following open bugs:
- LP: #397906 (blank cd-r not detected [Karmic]) -- still broken
- LP: #478493 (radeon 7500 and KMS). This could be another bug, but after a while compiz crashes -- broken, needs more investigating
- notify-osd artifacts (EXA vs XAA and Jaunty/Karmic workarounds makes no difference) -- bug pending
- LP: #399039 (Typing notification in empathy doesn't work for XMPP (google talk and jabber)) -- triaged, fix now pending
- LP: #503213 (APIC kernel trace). Found upstream bug which said it should be fixed in .33 or later -- still not fixed in Ubuntu
* the good news
- boot is fast
- 3D performance is at least as good as in Jaunty (Karmic is broken), excepting compiz crashing (see above)
- suspend/resume works very well so far (~5 attempts)
== Community ==
* security-lucid-sponsorship-review: wrote report-todo-sonsoring
* participated in ubuntu-server meeting (libvirt and asterisk)
* ReleaseStatus meeting
== Archive ==
* process new
= Kees Cook =
Weekly Role: community
== Updates ==
* patch/test/published krb5 update (USN-879-1)
== Technology Development ==
* created test script to identify hardening regressions in built packages.
* improved sorting of workitems.py
* created simple performance test for evince.
== Technology Integration ==
* added hardening-includes to evince build.
* hunting apport-lack-of-crash issue (LP: #498525).
* hunting gnome-screensaver crash-on-activation (LP: #503961).
* tested and uploaded new AppArmor from upstream.
* modified ifupdown and apparmor to avoid liveCD.
== Auditing ==
* identified distro releases partners are targeting to encourage hardening.
* examining timings of evince profile loading.
* hunting umt build failures with certain tarballs.
* MIR review of python-openid (LP: #492319)
* MIR review of nagios-nrpe (LP: #492340)
* MIR review of libssh (LP: #492931)
== Community ==
* security team meeting
* DMB meeting
* reviewed and uploaded pdns-recursor for karmic, jaunty, intrepid from cemc
= Marc Deslauriers =
Weekly role: triage
== Issue Tracking ==
* CVE triage
* security bug triage
== Updates ==
* Worked on, tested and released USN-880-1: GIMP vulnerabilities
* Worked on php5 issues (blocked on soyuz bug LP: #504078)
* Worked on network-manager-applet issues
== Technology development ==
* Created DebuggingScreenLocking wiki page
* Created DebuggingScreenLocking/HowScreenLockingWorks wiki page
* Investigated php5 bug (was actually php-imap) (LP: #485973)
* Investigated php5 build failure and opened bug LP: #504078
== Canonical ==
* Security team weekly meeting
* Updated blueprints
--
Robbie Williamson robbie at ubuntu.com
Ubuntu robbiew[irc.freenode.net]
"You can't be lucky all the time, but you can be smart everyday"
-Mos Def
"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)