Weekly Security Team Summary, 2009-10-19
Robbie Williamson
robbie at ubuntu.com
Tue Oct 27 12:14:13 GMT 2009
= Jamie Strandboge =
Role: happy place
== Issue Tracking ==
* bug triage
* CVE triage
== Updates ==
* elinks update:
* testing, publication
* QRT: write test-elinks.py
* pygresql update: analyze, patch, build
== Technology Development ==
* file, develop reproducer LP: #455832 (segfault when attaching disk
with same physical device)
* follow up on virtualization bugs filed the other day
* investigate LP: #456602 (libvirtError: operation failed: could not
query memory balloon allocation)
* test/fix LP: #456308 (drift file blocked by apparmor ntp profile)
* test/triage LP: #457092 (starting a VM with an SDL display hangs
virtmanager and virsh)
* IOS testing (lots)
* file and develop reproducer for LP: #457687 (error: Running
'grub-install --no-floppy "/dev/md0"' failed.)
* look into and comment on LP: #403215 (2.6.31 guest vm's unable to
use virtio)
* libvirt/apparmor:
* learn about AoE (for libvirt/apparmor testing)
* QRT: add AoE test libvirt testing for aoe
* discuss LP: #453335 (apparmor complains about write access to a
readonly file)
* investigate LP: #457716 (apparmor denies save and restore) and
provide workaround for 9.10
* investigate and fix #457607 (cron errors: grep:
/etc/libvirt/qemu/*.xml: No such file or directory)
* QRT: added *many* more tests
* lots more testing
* prepare/test/upload 0.7.0-1ubuntu13
* verify -proposed package for vblade in LP: #223440
* UQT/vm-tools: implement snapshots for faster vm manipulation and
better handling of pristine images. This will greatly speed up
testing
and provide better quality test results
* ufw (make backporting easier)
* adjust debian/rules to only use upstart in Ubuntu 9.10 and later
* adjust test suite to work with iptables 1.3.6 and higher
== Community ==
* prepare for and participate in release meeting
* weekly security team meeting
* update https://help.ubuntu.com/community/ATAOverEthernet which was
very out of date
== Auditing ==
* start install audit tests for RC (importing initial reports into QRT)
* get rng tests going on ronne for karmic
== Archive ==
* process/review/discuss a bunch of NEW -partner packages
* fix up kees' kernels being copied to the wrong places
= Kees Cook =
Weekly Role: triage
== Issue Tracking ==
* reviewing eCryptfs CVE for kernel security updates (LP: #387073).
* triaged 126 CVEs.
* reviewed open security bugs.
* reviewing old openjdk-6 CVEs.
== Updates ==
* tested and published kernel updates (USN-852-1).
== Technology Development ==
* adjusted CVE exporter to include bzr commit #.
* adjusted CVE exporter to correctly calculate old EOL devel releases
* wrote restorecon logic for mountall (LP: #456942)
* fix mountall's usplash CLEAR usage (LP: #458389)
* fix usplash's lack of pulsate (LP: #458398)
== Technology Integration ==
* reviewing issues with SELinux stack, from ccase.
* policycoreutils 100% cpu in restorecond (LP: #455739)
* libselinux is missing all of python-selinux modules (LP: #455760)
* setools needed to be recompiled for latest libselinux (LP: #455719)
* mountall does not handle restorecon on tmpfs (LP: #456942)
* selinux and refpolicy-ubuntu need Upstart/mountall changes (LP:
#456942)
== Auditing ==
* reviewed LP: #374674 vs LP: #156720 with bdmurray.
== Community ==
* security team meeting
* stripped and attached a PDF reproducer to an fdo bug for Thomas Hoger.
= Marc Deslauriers =
Weekly role: community
== Updates ==
* Worked on, tested and released USN-850-1: poppler vulnerabilities
* Worked on, tested and released USN-850-2: poppler regression
* Researched poppler regression
* Researched and worked on qt4-x11 updates
== Technology development ==
* qa-regression-testing:
- Added test-okular.py testing script
- Added extra test cases to detect poppler regression
* ISO testing
== Technology Integration ==
* investigated AppArmor aa-logprof problem (LP: #446449)
== Community ==
* Sponsored drupal5 and drupal6 security updates
--
Robbie Williamson <robbie at ubuntu.com>
Ubuntu
More information about the ubuntu-devel
mailing list