Security Team Weekly Summary for 28 July 2017
The Security Team weekly reports are intended to be very short summaries of the Security Team's weekly activities.
If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com
During the last week, the Ubuntu Security team:
- Triaged 318 public security vulnerability reports, retaining the 164 that applied to Ubuntu.
- Published 16 Ubuntu Security Notices which fixed 101 security issues (CVEs) across 22 supported packages.
Ubuntu Security Notices
Bug Triage
Mainline Inclusion Requests
http-parser underway (LP: #1638957)
MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D
Development
- update review tools for base snaps and miscellaneous smaller updates
- investigate mmap denials for snapcrafter who is snapping a proprietary application and advise on working with executable stacks
document how to strace snaps
- submit miscellaneous policy updates PR to snapd
codify classic confinement processes based on sprint outcomes
AppArmor abstractions update to artful for python3.6 and systemd-resolved
- various snapd PR reviews
Weekly Meeting