#title #ubuntu-meeting Meeting Meeting started by jdstrand at 17:04:39 UTC. The full logs are available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2011/ubuntu-meeting.2011-09-12-17.04.log.html . == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting (jdstrand, 17:04:46) *Weekly stand-up report *Highlighted packages ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/monotone.html (jdstrand, 17:23:04) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ember.html (jdstrand, 17:23:10) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html (jdstrand, 17:23:15) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/citadel.html (jdstrand, 17:23:21) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/xcftools.html (jdstrand, 17:23:26) *Miscellaneous and Questions Meeting ended at 17:29:12 UTC. == Votes == == Action items == * (none) == People present (lines said) == * jdstrand (42) * mdeslaur (11) * zooko (7) * kees (6) * sbeattie (6) * tyhicks (6) * micahg (5) * meetingology (3) * jjohansen (1) == Full Log == 17:04:39 #startmeeting 17:04:39 Meeting started Mon Sep 12 17:04:39 2011 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/AlanBell/mootbot. 17:04:39 17:04:39 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 17:04:46 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 17:05:10 hah "#lurk" 17:05:19 heh 17:05:21 [TOPIC] Weekly stand-up report 17:05:25 I'll go first 17:06:00 I'm in the happy place this week (thankfully :P) 17:06:14 jdstrand: thanks for covering for me 17:06:21 heh, np :) 17:06:38 I am reviewing an embargoed issue 17:06:48 have miscellaneous P&C tasks 17:06:53 have patch piloting this week 17:07:04 and will continue to work with jjohansen on dbus/apparmor 17:07:14 \o/ 17:07:14 oh, and metrics work items as have time 17:07:27 that's it from me 17:07:29 jjohansen: :) 17:07:34 kees: you're up 17:08:23 I'm going to be focusing on training and documentation this week 17:08:45 working through my list, basically. 17:09:01 I have some MIRs and patch pilot work today 17:11:02 that's about it for now. I'll have a blog post with some news later today 17:11:13 thanks kees 17:11:19 mdeslaur: you're next 17:11:24 Ah! yes! 17:11:26 :) 17:11:30 I'm working on cups updates 17:11:39 and will probably tackle ffmpeg next 17:11:59 ah, good :) 17:12:00 I'm on community this week, although there's nothing in the queue (hint: C'mon community!) 17:12:32 and I'll probably be spending some time with kees, there's a few things he wants to show me 17:12:38 and...that's it! 17:12:45 (yeah, the last couple of weeks haven't had a lot of community for me to sponsor) 17:13:02 sbeattie: next! 17:13:04 s/community/community work/ 17:13:32 I'm on triage this week. 17:13:53 Hope I'm not interrupting, but I have a community security issue for you. 17:13:56 I'm also working on openssl. 17:14:12 zooko: can you bring it up at the end? I'll ping you 17:14:21 Ok 17:14:29 zooko: end should be more than another 5-10 min away 17:14:37 shouldn't be, that is 17:15:41 That's pretty much it for me. 17:16:54 micahg: you're up 17:17:12 ok, so I'm still cleaning up after DigiNotar, we're in week 3 of this mess 17:17:57 qt4-x11, thunderbird, and chromium (maybe seamonkey at the end of the week) 17:18:24 also, the next round of Mozilla builds should be coming soonish, will get them staged as they come 17:19:05 I also have patch piloting once chromium is done 17:19:08 that's it 17:19:59 jeez, 3 patch pilots from our team this week... 17:20:09 tyhicks: you're up 17:20:21 I am still coming up to speed in the new role, but I feel like I can put the finishing touches on patching and testing of a mutt fix I've been working on 17:20:39 \o/ 17:20:45 I've found a bug in mutt (possibly a regression from the fix mentioned above) while doing initial testing and I'll get that fixed 17:21:15 Then I plan on taking ownership of another item in the CVE queue and/or learning the triaging process 17:21:27 nice :) 17:21:30 In the rest of the time, I've still got a small eCryptfs kernel maintainer backlog to get through 17:21:34 That's it 17:21:53 tyhicks: \o/ 17:22:02 tyhicks: sounds great :) 17:22:05 thanks, all :) 17:22:25 [TOPIC] Highlighted packages 17:22:32 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. 17:23:04 http://people.canonical.com/~ubuntu-security/cve/pkg/monotone.html 17:23:10 http://people.canonical.com/~ubuntu-security/cve/pkg/ember.html 17:23:15 http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html 17:23:21 http://people.canonical.com/~ubuntu-security/cve/pkg/citadel.html 17:23:26 http://people.canonical.com/~ubuntu-security/cve/pkg/xcftools.html 17:23:38 [TOPIC] Miscellaneous and Questions 17:23:47 zooko: what's up? 17:24:26 The Tahoe-LAFS team has found a security flaw in Tahoe-LAFS which is present in all versions included in Ubuntu Lucid and newer. 17:24:44 We have a fix patch, announcement text, docs, etc. but haven't divulged details to anyone yet. 17:25:05 zooko: have you filed a bug with Ubuntu yet? 17:25:09 The impact is moderate -- it could allow a sufficiently motivated malicious person to delete files but not to read or alter them. 17:25:19 No -- I'll do that within an hour or so. 17:26:04 zooko: thanks for the heads up. please file it at https://bugs.launchpad.net/ubuntu/+source/tahoe-lafs/+filebug and check the 'This bug is a security vulnerability' box 17:26:15 zooko: the bug will be sent to us and will be private 17:26:23 zooko: we can coordinate via the bug then 17:26:25 Okay. 17:27:14 Does anyone have any other questions or items to discuss? 17:28:42 alright 17:29:05 kees, mdeslaur, sbeattie, micahg, tyhicks, jjohansen, zooko: thanks! 17:29:11 thanks jdstrand! 17:29:12 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/AlanBell/mootbot)