== Security Team Weekly Summary for 14 July 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. 

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:
 * Triaged 468 public security vulnerability reports, retaining the 74 that applied to Ubuntu.
 * Published 4 Ubuntu Security Notices which fixed 4 security issues (CVEs) across 4 supported packages.

=== Ubuntu Security Notices ===
 * [[https://www.ubuntu.com/usn/usn-3351-1|[USN-3351-1] Evince vulnerability ]]
 * [[https://www.ubuntu.com/usn/usn-3352-1|[USN-3352-1] nginx vulnerability ]]
 * [[https://www.ubuntu.com/usn/usn-3353-1|[USN-3353-1] Heimdal vulnerability ]]
 * [[https://www.ubuntu.com/usn/usn-3353-2|[USN-3353-2] Samba vulnerability ]]

=== Bug Triage ===
 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===
 * gdm3 completed (LP: #Bug:1686393)
 * htop underway (LP: #Bug:1644364)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===
 * Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for vlc (LP: #Bug:1693893)

=== Development ===
 * [[https://github.com/snapcore/snapd/pull/3591|Greengrass interface completed]]
 * fscrypt and argon2 packages are now available for testing in [[https://launchpad.net/~ubuntu-security/+archive/ubuntu/ubuntu-security-staging|security-staging]]

=== Weekly Meeting ===
 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20170710
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== What the Security Team is Reading This Week ===
 * [[https://tools.ietf.org/html/draft-cope-heh-00| Hash-Encrypt-Hash, a block cipher mode of operation ]]
 * [[https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01|Data Center use of Static Diffie-Hellman in TLS 1.3]]

=== More Info ===
 * [[http://people.canonical.com/~ubuntu-security/cve/| Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/| Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec| Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved| How to help improve Ubuntu security ]]