== Security Team Weekly Summary for 15 December 2017 ==

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

 * Triaged 301 public security vulnerability reports, retaining the 47 that applied to Ubuntu.
 * Published 5 Ubuntu Security Notices which fixed 3 security issues (CVEs) across 7 supported packages.

=== Ubuntu Security Notices ===

 * [[https://www.ubuntu.com/usn/usn-3512-1|[USN-3512-1] OpenSSL vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3513-1|[USN-3513-1] libxml2 vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3513-2|[USN-3513-2] libxml2 vulnerability]]
 * [[https://www.ubuntu.com/usn/usn-3509-3|[USN-3509-3] Linux kernel regression]]
 * [[https://www.ubuntu.com/usn/usn-3509-4|[USN-3509-4] Linux kernel (Xenial HWE) regression]]

=== Bug Triage ===

 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===

 * libteam underway (LP: #Bug:1392012)
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Development ===

 * Disable squashfs fragments in snap
  * https://github.com/snapcore/snapd/pull/4396
  * https://github.com/snapcore/snapcraft/pull/1805
 * Prepared/tested/uploaded squashfs-tools fixes for 1555305 in bionic through trusty and did SRU paperwork
 * PR 4387 - explicitly deny ~/.gnupg/random_seed in gpg-keys interface
 * Submitted PR 4399 to rewrite snappy-app-dev in Go
 * Created PR 4406 - interfaces/dbus: adjust slot policy for listen, accept and accept4 syscalls
 * Reviews
  * PR 4365 - wayland slot implementation

=== What the Security Team is Reading This Week ===

 * [[http://archive.is/PQAnU|Internet Chemotherapy]]
 * [[https://www.princeton.edu/~pmittal/publications/bgp-tls-hotpets17|Using BGP to Acquire Bogus TLS Certificates]]
 * [[https://www.nist.gov/sites/default/files/documents/2017/12/05/draft-2_framework-v1-1_without-markup.pdf|Cyber Security Framework DRAFT]]

=== Weekly Meeting ===

 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20171211
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===

 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]