LXC template security
by Major Hayden
Hey folks,
I noticed that a few of us are involved in the LXC template security issue that cropped up in a few different tickets:
https://bugzilla.redhat.com/show_bug.cgi?id=1132001
https://bugzilla.redhat.com/show_bug.cgi?id=1132002
https://bugzilla.redhat.com/show_bug.cgi?id=1132003
https://bugzilla.redhat.com/show_bug.cgi?id=1132004
Unfortunately, I grabbed 1132004 and overlooked the others. If y'all are already working through this one with upstream, I'll gladly hand it off. ;)
--
Major Hayden
8 years, 3 months
90-Day Challenge update
by Eric Christensen
Yesterday evening I reviewed the remaining open bugs[0] on the 90-day
Challenge. Any bug that had not been touched in a while (and by that I mean
this year) by the "FST Owner" had the owner removed. I've updated the
spreadsheet to reflect these changes.
Also, if the ticket is going to expire due to it only affecting Fedora 20 then
I wouldn't worry about it too much. We can/should focus our efforts on the
plethora of other tickets that are out there.
As of this morning the 90-Day Challenge numbers look like this:
Open:   23
On_QA:  1
Closed: 14
[0] https://ethercalc.org/90-day-challenge
--Eric
8 years, 3 months
Fedora Security Team meeting minutes for 2015-06-11
by Eric Christensen
======================================================================================================
#fedora-meeting: Security Team Meeting - Agenda:
https://fedoraproject.org/wiki/Security_Team_meetings
======================================================================================================
Meeting started by Sparks at 14:00:15 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-meeting/2015-06-11/fedora_securit...
Meeting summary
---------------
* Roll Call (Sparks, 14:00:25)
* Follow up on last week's tasks (Sparks, 14:05:20)
  * jsmith pushed the fix for rubygem-activesupport (BZ 905374). We
    officially no longer have any critical vulnerabilities in Fedora or
    EPEL (that we know of). (Sparks, 14:05:58)
  * Sparks blogged about the 90-day challenge (Sparks, 14:06:17)
  * ACTION: FabioOlive will propose automated non-responsive maintainer
    process on the FST list (Sparks, 14:06:48)
  * ACTION: Team Goal: All important CVEs from 2014 and before should be
    fixed by the end of June. (Sparks, 14:07:01)
* 90-Day Challenge (Sparks, 14:07:15)
  * LINK: https://ethercalc.org/90-day-challenge (Sparks, 14:07:22)
  * 90-Day Challenge has a goal to close all 2014 and prior Important
    CVEs in Fedora (Sparks, 14:07:31)
  * As of 2015-06-11, of the 38 target bugs 14 have been closed, 1 is
    On_QA, and 23 are Open (Sparks, 14:07:40)
  * ACTION: Sparks to remove FST_Owner from 90-day Challenge bugs where
    there doesn't appear to be any interaction (Sparks, 14:07:52)
* Outstanding BZ Tickets (Sparks, 14:21:53)
  * Thursday's numbers: Critical 0 (-1), Important 48 (+3), Moderate 360
    (-14), Low 162 (-2), Total 574, Trend -14 (Sparks, 14:22:00)
  * Current tickets owned: 107 (Sparks, 14:22:09)
  * Tickets closed: 328 (+8) (Sparks, 14:22:16)
* New Meeting Time (Sparks, 14:28:16)
  * LINK: http://whenisgood.net/98rtz7p/results/eyz7qkh (Sparks,
    14:28:27)
* Open floor discussion/questions/comments (Sparks, 14:41:13)
Meeting ended at 14:54:43 UTC.
Action Items
------------
* FabioOlive will propose automated non-responsive maintainer process on
  the FST list
* Team Goal: All important CVEs from 2014 and before should be fixed by
  the end of June.
* Sparks to remove FST_Owner from 90-day Challenge bugs where there
  doesn't appear to be any interaction
Action Items, by person
-----------------------
* Sparks
  * Sparks to remove FST_Owner from 90-day Challenge bugs where there
    doesn't appear to be any interaction
* **UNASSIGNED**
  * FabioOlive will propose automated non-responsive maintainer process
    on the FST list
  * Team Goal: All important CVEs from 2014 and before should be fixed
    by the end of June.
People Present (lines said)
---------------------------
* Sparks (66)
* pjp (38)
* d-caf (28)
* mhayden (12)
* striker (7)
* zodbot (6)
* pingou (1)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`: http://wiki.debian.org/MeetBot
8 years, 3 months
Updated F20 Tickets
by Eric Christensen
I've now gone through and updated all the Critical, Important, and Medium
Fedora tracker bugs for CVEs that were subject to the Fedora 20 expiration. I
believe there were some others that also pitched in to help (thanks!).
I noticed quite a few of the trackers apply to rawhide which means there are
still a lot of packages that aren't being maintained but rather just pushed
into the next version without a thought. Not sure what the answer is to this
but maybe that's something else we can figure out.
--Eric
8 years, 3 months