== Security Team Weekly Summary for 02 March 2018 ==

||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position:  98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>||

The [[SecurityTeam|Security Team]] weekly reports are intended to be very short summaries of the Security Team's weekly activities. 

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:
 * Triaged 351 public security vulnerability reports, retaining the 126 that applied to Ubuntu.
 * Published 3 Ubuntu Security Notices which fixed 5 security issues (CVEs) across 3 supported packages.

=== Ubuntu Security Notices ===
 * [[https://www.ubuntu.com/usn/usn-3586-1|[USN-3586-1] DHCP vulnerabilities]]
 * [[https://www.ubuntu.com/usn/usn-3579-2|[USN-3579-2] LibreOffice regression]]
 * [[https://www.ubuntu.com/usn/usn-3584-1|[USN-3584-1] sensible-utils vulnerability]]

=== Bug Triage ===
 * Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

=== Mainline Inclusion Requests ===
 * openjpeg2 (LP: #Bug:711061) paused
 * brotli (LP: #Bug:1737053) completed
 * bolt (LP: #Bug:1752056) underway
 * fprintd (LP: #Bug:1745455) underway
 * MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

=== Updates to Community Supported Packages ===
 * Simon Deziel provided debdiffs for xenial-artful for tor (LP: #Bug:1731698)
 * Philip Rinn provided a debdiff for artful for qtpass (LP: #Bug:1747954)

=== Development ===
 * reviews
  * libreoffice apparmor profile update
  * PR 4741 - cmd/snap-update-ns: use recursive bind mounts for writable mimic (layouts)
  * PR 4745 - osutil: allow creating strings out of MountInfoEntry
  * PR 4747 - cmd/snap-update-ns: use recursive bind mounts for writable mimic (layouts) - 2.32
  * PR 4760 - generate and use per-snap snap-update-ns profiles (layouts)
  * PR 4768 - snap userd autostart v2
  * PR 4766 - userd: add an OpenFile method for launching local files with xdg-open
  * PR 4765 - use snap name instead of wildcards (layouts)
 * strict snaps on livecd implementation: PR 4714 (address review feedback)
 * followed up on XDG_RUNTIME_DIR snapd bugs
 * fix review-tools bug with respect to common-id; review/merge MP from Chipaca on improving the snap name validation test
 * prepare PR 4779 - livecd support for 2.32

=== What the Security Team is Reading This Week ===
 * [[https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/wxX4Yv0E3Mk|How do you handle mass revocation requests?]]
 * [[https://www.wired.com/story/github-ddos-memcached/|GitHub Survived the Biggest DDOS Attack Ever Recorded]]

=== Weekly Meeting ===
 * Log: https://wiki.ubuntu.com/MeetingLogs/Security/20180226
 * Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

=== More Info ===
 * [[http://people.canonical.com/~ubuntu-security/cve/|Ubuntu CVE Tracker]]
 * [[https://www.ubuntu.com/usn/|Ubuntu security notices]]
 * [[https://www.twitter.com/ubuntu_sec|Follow Ubuntu Security on Twitter]]
 * [[https://wiki.ubuntu.com/SecurityTeam/GettingInvolved|How to help improve Ubuntu security]]