Weekly Security Team Summary, 2009-10-19

= Jamie Strandboge =

Role: happy place

== Issue Tracking ==
 * bug triage
 * CVE triage

== Updates ==
 * elinks update:
  * testing, publication
  * QRT: write test-elinks.py
 * pygresql update: analyze, patch, build

== Technology Development ==
 * file, develop reproducer LP: #455832 (segfault when attaching disk
   with same physical device)
 * follow up on virtualization bugs filed the other day
 * investigate LP: #456602 (libvirtError: operation failed: could not
   query memory balloon allocation)
 * test/fix LP: #456308 (drift file blocked by apparmor ntp profile)
 * test/triage LP: #457092 (starting a VM with an SDL display hangs
   virtmanager and virsh)
 * IOS testing (lots)
  * file and develop reproducer for LP: #457687 (error: Running
    'grub-install --no-floppy "/dev/md0"' failed.)
  * look into and comment on LP: #403215 (2.6.31 guest vm's unable to
    use virtio)
 * libvirt/apparmor:
  * learn about AoE (for libvirt/apparmor testing)
  * QRT: add AoE test libvirt testing for aoe
  * discuss LP: #453335 (apparmor complains about write access to a
    readonly file)
  * investigate LP: #457716 (apparmor denies save and restore) and
    provide workaround for 9.10
  * investigate and fix #457607 (cron errors: grep:
    /etc/libvirt/qemu/*.xml: No such file or directory)
  * QRT: added *many* more tests
  * lots more testing
  * prepare/test/upload 0.7.0-1ubuntu13
 * verify -proposed package for vblade in LP: #223440
 * UQT/vm-tools: implement snapshots for faster vm manipulation and
   better handling of pristine images. This will greatly speed up
testing
   and provide better quality test results
 * ufw (make backporting easier)
  * adjust debian/rules to only use upstart in Ubuntu 9.10 and later
  * adjust test suite to work with iptables 1.3.6 and higher

== Community ==
 * prepare for and participate in release meeting
 * weekly security team meeting
 * update https://help.ubuntu.com/community/ATAOverEthernet which was
   very out of date

== Auditing ==
 * start install audit tests for RC (importing initial reports into QRT)
 * get rng tests going on ronne for karmic

== Archive ==
 * process/review/discuss a bunch of NEW -partner packages
 * fix up kees' kernels being copied to the wrong places



= Kees Cook =
Weekly Role: triage

== Issue Tracking ==
 * reviewing eCryptfs CVE for kernel security updates (LP: #387073).
 * triaged 126 CVEs.
 * reviewed open security bugs.
 * reviewing old openjdk-6 CVEs.

== Updates ==
 * tested and published kernel updates (USN-852-1).

== Technology Development ==
 * adjusted CVE exporter to include bzr commit #.
 * adjusted CVE exporter to correctly calculate old EOL devel releases
 * wrote restorecon logic for mountall (LP: #456942)
 * fix mountall's usplash CLEAR usage (LP: #458389)
 * fix usplash's lack of pulsate (LP: #458398)

== Technology Integration ==
 * reviewing issues with SELinux stack, from ccase.
   * policycoreutils 100% cpu in restorecond (LP: #455739)
   * libselinux is missing all of python-selinux modules (LP: #455760)
   * setools needed to be recompiled for latest libselinux (LP: #455719)
   * mountall does not handle restorecon on tmpfs (LP: #456942)
   * selinux and refpolicy-ubuntu need Upstart/mountall changes (LP:
#456942)

== Auditing ==
 * reviewed LP: #374674 vs LP: #156720 with bdmurray.

== Community ==
 * security team meeting
* stripped and attached a PDF reproducer to an fdo bug for Thomas Hoger.



= Marc Deslauriers =
Weekly role: community

== Updates ==
 * Worked on, tested and released USN-850-1: poppler vulnerabilities
 * Worked on, tested and released USN-850-2: poppler regression
 * Researched poppler regression
 * Researched and worked on qt4-x11 updates

== Technology development ==
 * qa-regression-testing:
   - Added test-okular.py testing script
   - Added extra test cases to detect poppler regression
 * ISO testing

== Technology Integration ==
 * investigated AppArmor aa-logprof problem (LP: #446449)

== Community ==
 * Sponsored drupal5 and drupal6 security updates


--
Robbie Williamson <robbie@...>
Ubuntu


--
ubuntu-devel mailing list
ubuntu-devel@...
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel