20180302

Security Team Weekly Summary for 02 March 2018

The Security Team weekly reports are intended to be very short summaries of the Security Team's weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

  • Triaged 351 public security vulnerability reports, retaining the 126 that applied to Ubuntu.
  • Published 3 Ubuntu Security Notices which fixed 5 security issues (CVEs) across 3 supported packages.

Ubuntu Security Notices

Bug Triage

Mainline Inclusion Requests

Updates to Community Supported Packages

  • Simon Deziel provided debdiffs for xenial-artful for tor (LP: #1731698)
  • Philip Rinn provided a debdiff for artful for qtpass (LP: #1747954)

Development

  • reviews
    • libreoffice apparmor profile update
    • PR 4741 - cmd/snap-update-ns: use recursive bind mounts for writable mimic (layouts)
    • PR 4745 - osutil: allow creating strings out of MountInfoEntry
    • PR 4747 - cmd/snap-update-ns: use recursive bind mounts for writable mimic (layouts) - 2.32
    • PR 4760 - generate and use per-snap snap-update-ns profiles (layouts)
    • PR 4768 - snap userd autostart v2
    • PR 4766 - userd: add an OpenFile method for launching local files with xdg-open
    • PR 4765 - use snap name instead of wildcards (layouts)
  • strict snaps on livecd implementation: PR 4714 (address review feedback)
  • followed up on XDG_RUNTIME_DIR snapd bugs
  • fixed a review-tools bug with respect to common-id; reviewed/merged an MP from Chipaca on improving the snap name validation test
  • prepared PR 4779 - livecd support for 2.32

What the Security Team is Reading This Week

Weekly Meeting

More Info

SecurityTeam/WeeklyReports/20180302 (last edited 2018-03-02 21:22:55 by emilyr)