#title #ubuntu-meeting Meeting Meeting started by jdstrand at 17:07:09 UTC. The full logs are available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2011/ubuntu-meeting.2011-08-15-17.07.log.html . == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting (jdstrand, 17:07:20) *Review of any previous action items *Weekly stand-up report *Highlighted packages ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/kolab-cyrus-imapd.html (jdstrand, 17:23:09) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/audacity.html (jdstrand, 17:23:14) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/neon26.html (jdstrand, 17:23:19) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/xymon.html (jdstrand, 17:23:23) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/monkeysphere.html (jdstrand, 17:23:27) *Miscellaneous and Questions ''LINK:'' http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=72fa59970f8698023045ab0713d66f3f4f96945c (bliss, 17:27:59) Meeting ended at 17:31:57 UTC. == Votes == == Action items == * (none) == People present (lines said) == * jdstrand (48) * kees (13) * mdeslaur (11) * micahg (10) * bliss (8) * sbeattie (8) * meetingology (7) == Full Log == 17:07:09 #startmeeting 17:07:09 Meeting started Mon Aug 15 17:07:09 2011 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/AlanBell/mootbot. 17:07:09 Useful Commands: #topic #action #link #idea #voters #vote #chair #action #agreed #help #info #endmeeting. 17:07:19 The meeting agenda can be found at: 17:07:20 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 17:07:24 [TOPIC] Review of any previous action items 17:07:24 TOPIC: Review of any previous action items 17:07:44 huh, that's new 17:07:47 yeah 17:07:50 meetingology: hello 17:07:50 jdstrand: Error: "hello" is not a valid command. 17:08:01 anyhoo 17:08:19 seems we don't have any ACTION items from last week, so moving on 17:08:25 [TOPIC] Weekly stand-up report 17:08:25 TOPIC: Weekly stand-up report 17:08:30 I'll go first 17:08:44 so, I am back after my tour of the southern US 17:09:04 as such, I am dealing with quite a bit of backlog (email, et al) 17:09:28 in addition to that, I have some dbus/apparmor stuff to get back to 17:09:40 (sorry I didn't get dbus uploaded before FF) 17:10:00 I saw a few Oneiric apparmor profile bugs come in, so I'll fix those 17:10:09 and then a bunch of archive admin catch-up 17:10:32 I may pick up an update, but have a feeling I will not get to it 17:10:40 that's it from me 17:10:44 kees: you're up 17:11:03 okay, I'm on triage 17:11:18 and since I didn't get much triage done last week, this week will have more! :) 17:11:46 the kernel bug sync tools are in good shape now; they implement everything apw and I have identified as needing to be implemented. 17:11:58 kees: nice! 17:12:18 but I'll continue to keep an eye on it for tweaks. after that, I seriously need to get a handle on my work items 17:12:35 the graphing stuff just keeps slipping 17:12:42 in other news, kvm is now PIE 17:12:56 why bother, nobody would waste their time writing a kvm exploit 17:13:12 bliss: your join and that comment were perfectly timed! 17:13:19 * bliss bows 17:13:20 anyway, that's it from me. mdeslaur is up! 17:13:24 re kvm> woohoo 17:13:25 hiya! 17:13:27 :) 17:13:28 when will ax25d be PIE? 17:13:46 * mdeslaur points troll finger at bliss 17:13:58 so, I justpublished two updates 17:14:03 and I _still_ have foomatic to test 17:14:15 I'm currently working on some new stuff for vm-new 17:14:21 and will also go down the list 17:14:26 that's it from me 17:14:28 sbeattie: you're up 17:14:47 (oh, did a ton of MIR work last week. there is still more to do...) 17:14:55 I'm still wading through email after having most of last week off. 17:15:01 I'm on community this week. 17:15:26 and I have two days of holiday at the end of this week. 17:15:54 I also need to untangle my work items and do more stuff on the apparmor front. 17:16:09 that's pretty much it for me. 17:16:16 micahg: over to you 17:16:41 should be publishing a long overdue webkit update today 17:16:50 \o/ 17:16:52 \o/ 17:16:55 on track to release Firefox and Thunderbird tomorrow with upstream 17:17:00 \o/ 17:17:04 micahg: awesome :) 17:17:31 when that's all done, the last chromium update broke html5 on maverick and natty, so I've held off on publishing 17:17:49 micahg: is upstream aware of it? 17:18:14 idk, I tried to ask in their support channel yesterday w/no response, will try later today 17:18:25 grr.. 17:18:34 weekend is understandable :) 17:19:31 later this week, I need to discuss with pitti about Maverick migrating to Firefox 6 w/the final langpack update 17:20:14 I'd like to have 6 go through proposed/updates, then 7 will go through -security 17:20:15 micahg: does that mean lucid will get firefox 6 soon? 17:20:41 jdstrand: not necessarily, I'm still waiting on upstream's plans for 3.6.x EOL 17:20:50 makes sense 17:21:16 though, since maverick and lucid have the same release, I wonder if it is worth the effort there 17:21:21 this is driven by the end of langpack updates for maverick which is needed for the rapid release migration 17:21:22 (ie, on maverick) 17:21:35 ah 17:22:33 so, that's it for me 17:22:41 thanks 17:22:50 [TOPIC] Highlighted packages 17:22:50 TOPIC: Highlighted packages 17:23:00 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. 17:23:09 http://people.canonical.com/~ubuntu-security/cve/pkg/kolab-cyrus-imapd.html 17:23:14 http://people.canonical.com/~ubuntu-security/cve/pkg/audacity.html 17:23:19 http://people.canonical.com/~ubuntu-security/cve/pkg/neon26.html 17:23:23 http://people.canonical.com/~ubuntu-security/cve/pkg/xymon.html 17:23:27 http://people.canonical.com/~ubuntu-security/cve/pkg/monkeysphere.html 17:23:36 [TOPIC] Miscellaneous and Questions 17:23:36 TOPIC: Miscellaneous and Questions 17:23:44 Does anyone have any other questions or items to discuss? 17:25:26 * bliss cheers for acceptance of patch that prevents missing setuid return code checks from being root holes 17:25:43 bliss: where? 17:25:46 oh, neat 17:25:50 where is that? 17:25:53 upstream kernel, let me find link 17:26:07 cool! 17:27:08 bliss: is this segoon's work? 17:27:11 yeah 17:27:59 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=72fa59970f8698023045ab0713d66f3f4f96945c 17:28:26 oh! excellent. 17:29:12 nice 17:29:41 rockin' 17:30:26 anything else? 17:30:30 i guess stealth will have to find a new vuln class to root android kernels with 17:30:37 heh 17:31:50 alrighty then 17:31:55 thanks everyone! 17:31:57 #endmeeting Generated by MeetBot 0.1.4 (http://wiki.ubuntu.com/AlanBell/mootbot)