== Meeting information ==

 * #ubuntu-meeting Meeting, 25 Nov at 16:45 — 17:15 UTC
 * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-11-25-16.45.log.html]]

== Meeting summary ==

''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting

=== Announcements ===

The discussion about "Announcements" started at 16:45.

=== Weekly stand-up report ===

The discussion about "Weekly stand-up report" started at 16:46.

=== Highlighted packages ===

The discussion about "Highlighted packages" started at 17:09.

 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/turba2.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/smsclient.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/feh.html

=== Miscellaneous and Questions ===

The discussion about "Miscellaneous and Questions" started at 17:10.

== Vote results ==

== Action items ==

 * (none)

== People present (lines said) ==

 * jdstrand (46)
 * mdeslaur (15)
 * jjohansen (12)
 * tyhicks (12)
 * chrisccoulson (9)
 * sbeattie (8)
 * sarnold (7)
 * meetingology (3)
 * ubottu (2)

== Full Log ==

 16:45 #startmeeting
 16:45 Meeting started Mon Nov 25 16:45:24 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
 16:45 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
 16:45 The meeting agenda can be found at:
 16:45 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
 16:45 [TOPIC] Announcements
 16:45 Thanks to Thomas Ward (teward), who provided debdiffs for precise-saucy for nginx (LP: #1253691)
 16:45 Launchpad bug 1253691 in nginx (Ubuntu Trusty) "Specially crafted request URI permits security restriction bypass [CVE-2013-4547]" [High,Fix released] https://launchpad.net/bugs/1253691
 16:45 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
 16:46 [TOPIC] Weekly stand-up report
 16:46 I'll go first
 16:46 I have a very short week this week. I am working today and tomorrow
 16:46 I'm on triage
 16:46 I'm working on an update for keystone which should go out today
 16:46 jdstrand: I'll take over triage for the rest of the week
 16:46 mdeslaur: thanks :)
 16:47 and I need to get the work items in shape for this cycle. I figure I'll work with you guys on that when I have something to review
 16:47 mdeslaur: you're up
 16:47 I'm on community this week
 16:47 I have some jpeg updates to write some test scripts for
 16:48 and am working on merging ruby and uploading some packages in an attempt to get ruby1.8 demoted from main
 16:48 since we now have three rubys in main, and I don't want that for a 5-year supported lts
 16:48 what's the story with puppet there?
 16:48 (and yes, great idea)
 16:49 hrm, good question
 16:49 well, worth looking at. I don't mean to derail the meeting
 16:49 looks like it's using whatever ruby is default instead of 1.8
 16:49 so 1.9.1 presumably
 16:50 it didn't show up on my list of reverse depends
 16:50 cool
 16:50 ah, perfect
 16:50 pending that, I'll be going down the cve list, as usual
 16:50 that's it from me
 16:50 sbeattie: you're up
 16:50 (if you're here...)
 16:50 that was the only thing I could think of otoh that might be weird. glad it isn't an issue at all :)
 16:50 I'm on apparmor again this week
 16:51 I'll be working on testing improvements as well as some parser fixes/improvements
 16:51 Which is pretty much it for me.
 16:51 is that for IPC?
 16:51 the testing stuff, yes. The parser bits, no.
 16:52 tyhicks: I think you're up.
 16:52 I have a very short week this week
 16:52 I'm only working today
 16:52 Right now, I'm looking into some apparmor_parser oddness
 16:52 It segfaults if I change AA_DBUS_EAVESDROP from (1 << 5) to (1 << 7)
 16:52 That shouldn't happen and makes me think there's a bigger bug lurking somewhere
 16:52 I'll spend a little more time on that
 16:52 Then I'm going to switch to the yama on touch work items
 16:52 (I haven't been able to start on them yet)
 16:53 tyhicks: I didn't think having a week shorter than mine was possible :)
 16:53 jdstrand: beat ya :)
 16:53 that's it for me
 16:53 bunch of slackers :)
 16:53 jjohansen: you're up
 16:53 tyhicks: oh hrm, is that with the patch set you submitted?
 16:53 sbeattie: yep
 16:53 * jjohansen is working on apparmor ipc again this week.
 16:54 I need to coordinate with sbeattie on some testing and see if I can't get him a new kernel
 16:55 +1
 16:55 jjohansen(, sbeattie): can you give a brief update on IPC (eg, are we still on track for ppa this month, archive, next, etc)?
 16:56 jdstrand: we are running behind, since this week is the last week of the month. PPA this month might not happen, if not this week though hopefully next
 16:57 jjohansen: ok, well, please don't feel like you have to work through the holiday
 16:58 who me?
 16:58 never
 16:58 :)
 16:58 jjohansen: was there anything on goldfish?
 16:58 s/thing/ update/
 16:59 oh, I suppose I need to send the patch to the kernel team today, and make sure, the apparmor=0 work around is reverted once the kernel rolls out
 16:59 ah, so you found the problem? what was it?
 16:59 it was that patch from last week, the #ifdef SMP
 16:59 one
 17:00 oh, interesting. I thought that was something else
 17:00 cool
 17:00 (that bug number was old iirc)
 17:00 anyhoo, nice! :)
 17:01 jdstrand: well there was a bug against the saucy kernel from some guy doing self compiled kernels
 17:01 that was the old bug number, same bug really
 17:01 sarnold: you're up
 17:03 I'm in the happy place this week, also a short week, off thursday and friday; I have a merge of libgcrypt11 to work on, a new MIR audit, and -maybe- ask for a CVE for an already-known issue I discovered while working on a MIR audit last week
 17:04 it'd be wonderful to make some further dents in the apparmor patches that are still unreviewed, I know there's several of them left..
 17:04 I think that's it for me, chrisccoulson you're up :)
 17:04 yoyo
 17:05 the oxide packaging is almost done now. just waiting on https://code.launchpad.net/~osomon/oxide/initial-build-fixes/+merge/195076, which is basically the last blocker
 17:05 i should have it in a PPA after that :)
 17:05 this week, i'm focusing on getting bug 1214049 finished
 17:05 bug 1214049 in Oxide "Support accelerated compositing" [High,In progress] https://launchpad.net/bugs/1214049
 17:06 \o/
 17:06 oSoMoN has been contributing some fixes as well now
 17:06 wow :)
 17:06 \o/ :D
 17:07 so we got http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/257 and http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/256 last week
 17:07 i think that's me done
 17:08 chrisccoulson: nice! :)
 17:08 oh, i had the joy of learning how to use bzrlib last week too
 17:08 that wasn't fun ;)
 17:09 :)
 17:09 [TOPIC] Highlighted packages
 17:09 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
 17:09 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/network-manager-openvpn.html
 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/turba2.html
 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/smsclient.html
 17:10 http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html
 17:10 http://people.canonical.com/~ubuntu-security/cve/pkg/feh.html
 17:10 [TOPIC] Miscellaneous and Questions
 17:10 Does anyone have any other questions or items to discuss?
 17:10 djbdns? o_O I'm shocked :)
 17:11 the CVEs are old. possibly needs more triage
 17:12 well, the package version we ship hasn't changed since precise, either.
 17:15 mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
 17:15 thanks jdstrand :)
 17:15 #endmeeting

Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)