Security Team Update: October 5, 2017

The Security Team weekly reports are intended to be very short summaries of the Security Team’s weekly activities.

If you would like to reach the Security Team, you can find us at the #ubuntu-hardened channel on FreeNode. Alternatively, you can mail the Ubuntu Hardened mailing list at: ubuntu-hardened@lists.ubuntu.com

During the last week, the Ubuntu Security team:

• Triaged 195 public security vulnerability reports, retaining the 38 that applied to Ubuntu.
• Published 1 Ubuntu Security Notice which fixed 1 security issue (CVE) in 1 supported package.

Ubuntu Security Notices

• [USN-3429-1] Libplist vulnerability

Bug Triage

• Backlog: https://bugs.launchpad.net/~ubuntu-security/+subscribedbugs

Mainline Inclusion Requests

• python-pyelftools completed (LP: #1630073)
• MIR backlog: https://bugs.launchpad.net/~ubuntu-security/+assignedbugs?field.searchtext=%5BMIR%5D

Development

• AppArmor merge for 4.14 (rc2)
• Seccomp merge for 4.14 (rc2)

What the Security Team is Reading This Week

• A Large-Scale Empirical Study of Security Patches
• The Ceremony

Weekly Meeting

• There was no weekly meeting on 25 September because the entire team was attending the Ubuntu Rally.
• Info: https://wiki.ubuntu.com/SecurityTeam/Meeting

More Info

• Ubuntu CVE Tracker
• Ubuntu security notices
• Follow Ubuntu Security on Twitter
• How to help improve Ubuntu security