18:04:30 <jdstrand> #startmeeting
18:04:30 <meetingology> Meeting started Mon Dec 17 18:04:30 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
18:04:30 <meetingology>
18:04:30 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
18:04:34 <jdstrand> The meeting agenda can be found at:
18:04:35 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
18:04:39 <jdstrand> [TOPIC] Announcements
18:04:59 <jdstrand> thanks to Christian Kuersteiner (ckuerste) who provided a debdiff for lucid for pgbouncer (LP: #1083414)
18:05:01 <ubottu> Launchpad bug 1083414 in pgbouncer (Ubuntu Raring) "DoS-Vulnerability in pgbouncer" [Undecided,Fix released] https://launchpad.net/bugs/1083414
18:05:08 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
18:05:13 <jdstrand> [TOPIC] Weekly stand-up report
18:05:17 <jdstrand> I'll go first
18:05:32 <jdstrand> I've got a short week this week-- off Thu and Fri
18:05:39 <jdstrand> I'm on community
18:06:23 <jdstrand> I plan to look at an old apport/apparmor hardening update
18:06:47 <jdstrand> I also hope to look at some audits and tick off various things off my todo list
18:06:58 <jdstrand> mdeslaur: you're up
18:07:08 <mdeslaur> I'm in the happy place this week
18:07:14 <mdeslaur> I just published a few updates
18:07:25 <mdeslaur> and I plan on doing some merges
18:07:39 <mdeslaur> I have a short week as I'm off starting on thursday at noon
18:07:52 <mdeslaur> and I'll look at some other CVEs, time permitting
18:07:54 <mdeslaur> that's it from me
18:07:56 <mdeslaur> sbeattie: you're up
18:08:16 <sbeattie> I have a very short week this week, as I am on holiday starting tomorrow
18:08:47 <sbeattie> (I'll be available and sporadically checking irc/email)
18:09:08 <sbeattie> Otherwise, I'm continuing to work on apparmor display manager stuff
18:09:20 <sbeattie> that's it for me. micahg?
18:09:43 <mdeslaur> sbeattie: hehe, you must not have felt like getting up this morning :)
18:10:20 <micahg> I've got more webkit, patch piloting, and hopefully Chromium if qengho tracks down the issues he's working on
18:10:44 <micahg> that's it
18:11:22 <micahg> tyhicks: ping
18:11:31 <tyhicks> I'm working on an embargoed item
18:11:41 <tyhicks> I'll be working on the apparmor kernel policy interface work item, as well
18:12:15 <tyhicks> I should also take a look at the outstanding eCryptfs kernel patches sent to me recently since the kernel merge window will close this week
18:12:28 <tyhicks> I'm working all week
18:12:33 <tyhicks> that's it for me
18:12:35 <tyhicks> jjohansen: you're up
18:13:24 <doko> sarnold, fyi, the one issue that the gcc trunk build was broken with ssp is now fixed
18:13:40 <sarnold> doko: excellent, thank you :)
18:14:04 <jdstrand> jj isn't here
18:14:05 <doko> now reenabling again format security
18:14:10 <jdstrand> sarnold: you're up
18:14:15 <sbeattie> doko: \o/
18:14:18 <tyhicks> oh yeah, sorry
18:14:39 <sarnold> I'm on triage this week
18:14:42 <jdstrand> I think he is working on getting 2.8 alpha together and the base labeling patches done before the break
18:15:19 <jdstrand> (he should be here most of the week as well)
18:15:45 * jdstrand is done
18:15:51 <jdstrand> sarnold: sorry
18:16:30 <sarnold> I've been reading and re-reading the bugzilla report from dwmw2 and trying to re-create the problem on my laptop
18:16:44 <sarnold> I'd like to recreate the problem in a way that leads to reproducers that could be added to QRT
18:17:06 <jdstrand> sarnold: is that a gcc thing?
18:17:20 <sarnold> (dwmw2's configuration is _highly_ specific to his use, and isn't easy to recreate... I've found that the dnsmasq spawned by juju seems ideal at showing the problem...)
18:17:28 <jdstrand> ah, dnsmasq
18:17:33 <sarnold> jdstrand: ah, no, sorry, dnsmasq
18:18:47 <sarnold> I'm currently poking at using the 'dummy' interfaces because the ethernet aliases don't have the correct 'bind to interface' properties that a 'real' interface would have, and I want them separate from my physical interfaces...
18:19:47 <sarnold> I think I'm going to be using tcpdump, tcprewrite, and tcpreplay to fiddle with the packets, though I'm not 100% confident that tcpreplay will let me send to a 'wrong' ip for a given interface.
18:20:36 <sarnold> the patch itself is surprisingly small for the effort though; I feel like dnsmasq is important enough to get right to put in this time, but wouldn't mind being persuaded to just do the update.
18:20:57 <jdstrand> sarnold: hmm, you might check out scapy
18:21:04 <sbeattie> sarnold: hrm, is this something where testing in a multi-interfaced vm would make more sense?
18:21:24 <sarnold> sbeattie: ah, it could.
18:21:35 <mdeslaur> sarnold: you can look at the instructions for quagga for examples on multi-vm testing instructions
18:22:13 <sarnold> I was hoping to stick with dummy just so that it would be easier to put into qrt tests -- something that could be configured and run entirely on one host, you know?
18:22:19 <mdeslaur> sarnold: or isc-dhcp
18:22:29 <sarnold> mdeslaur: cool, thanks. :)
18:23:58 <jdstrand> sarnold: one host is definitely nice. there are some test scripts (libvirt, krb5, openldap (iirc)) that can be given an extra argument to connect to another server
18:24:12 <jdstrand> which is a totally acceptable fallback
18:25:02 <jdstrand> sarnold: do you have more to report?
18:25:25 <sarnold> jdstrand: no, that's it. thanks.
18:25:30 <jdstrand> [TOPIC] Highlighted packages
18:25:37 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
18:25:41 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:25:47 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ircd-ratbox.html
18:25:50 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/dracut.html
18:25:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xymon.html
18:25:56 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libapache2-mod-auth-openid.html
18:26:01 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pnp4nagios.html
18:26:11 <jdstrand> [TOPIC] Miscellaneous and Questions
18:26:16 <jdstrand> Does anyone have any other questions or items to discuss?
18:28:13 <jdstrand> mdeslaur, sbeattie, micahg, tyhicks, sarnold: thanks!
18:28:14 <jdstrand> #endmeeting