18:00:31 <jdstrand> #startmeeting 18:00:31 <meetingology> Meeting started Mon Jan 28 18:00:31 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:00:31 <meetingology> 18:00:31 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:00:38 <jdstrand> nice to start on time today :) 18:00:43 <jdstrand> The meeting agenda can be found at: 18:00:45 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:00:52 <jdstrand> [TOPIC] Announcements 18:01:16 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for lucid-oneiric for xymon (LP: #1092412) 18:01:18 <ubottu> Launchpad bug 1092412 in xymon (Ubuntu Precise) "Xymon Multiple XSS" [Undecided,Fix released] https://launchpad.net/bugs/1092412 18:01:20 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for quantal for ruby-actionpack-3.2 (LP: #1100188) 18:01:22 <ubottu> Launchpad bug 1100188 in rails (Ubuntu Lucid) " Unsafe Query Generation Risk in Ruby on Rails" [Undecided,Triaged] https://launchpad.net/bugs/1100188 18:01:24 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for quantal for ruby-activerecord-3.2 (LP: #1100188) 18:02:15 <jdstrand> thanks to ckuerste for his help on security updates for these community supported packages. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 18:02:20 <jdstrand> [TOPIC] Weekly stand-up report 18:02:24 <jdstrand> I'll go first 18:03:20 <jdstrand> last week I was community and I patch piloted 18:03:36 <jdstrand> this week I've got a chromium-browser upload to sponsor/test 18:03:42 <jdstrand> and two embargoed issues 18:04:02 <jdstrand> I'd like to take another look at our blueprints as well 18:04:15 <jdstrand> I plan to finish a couple of outstanding audits as well 18:04:21 <jdstrand> mdeslaur: you're up 18:04:33 <mdeslaur> I just published a couple of USNs 18:04:42 <mdeslaur> and I have something embargoed to look at 18:04:51 <mdeslaur> and then will continue going down the CVE list 18:04:58 <mdeslaur> I'm on triage this week too 18:05:03 <mdeslaur> that's it, sbeattie you're up 18:05:41 <sbeattie> I'm still focused on apparmor this week, specifically the display manager mediation prototype. 18:06:09 <sbeattie> that's prettymuch it for me. tyhicks? 18:06:28 <tyhicks> I'm working on an embargoed item 18:07:03 <tyhicks> I also need to upload new dbus and linux packages to the dbus-dev PPA for some patches that'll allow dbus to detect if apparmor supports dbus rules 18:07:16 <tyhicks> Then I'll (re)start work on the AppArmor kernel policy interface workitem 18:07:23 <tyhicks> That's it for me 18:07:27 <tyhicks> jjohansen: you'r eup 18:09:59 * jjohansen is working on the apparmor label and stacking code again, and we should see a new patchset this week. Currently I am chasing down a refcounting bug that is causing oopses 18:10:40 <jjohansen> after the new patchset gets pushed, /me will be moving on to env var filtering 18:10:46 <mdeslaur> \o/ 18:10:54 <jdstrand> \o/ 18:11:11 <jjohansen> sarnold: I think your up next 18:11:59 <sarnold> the dnsmasq patchset just kept growing, I handed off a braindump and four debdiffs to mdeslaur last week, it's a bit annoying to feel defeated by an update, but it's nice to look forward to something more approachable this week :) 18:12:19 <mdeslaur> sarnold: hehe, don't worry about that :) 18:12:20 <sarnold> this week I'm working on an update for squid and reviewing jjohansen's patches 18:12:30 <sarnold> I'm also on community :) 18:12:49 <sarnold> jdstrand: your turn :) 18:12:51 <mdeslaur> sarnold: cool. Squid is your priority this week. 18:13:01 <sarnold> mdeslaur: thanks 18:13:46 <mdeslaur> sarnold: I'd like to see squid published on thursday 18:13:57 <mdeslaur> sarnold: and if you still need testing, it can get pushed back to monday 18:14:02 <mdeslaur> sarnold: is that reasonable? 18:14:10 <sarnold> mdeslaur: I think so 18:14:16 <mdeslaur> sarnold: cool, thanks 18:15:43 <jdstrand> [TOPIC] Highlighted packages 18:15:52 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:15:57 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:16:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mathopd.html 18:16:13 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/elinks.html 18:16:16 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/openarena.html 18:16:19 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsmi.html 18:16:24 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html 18:16:53 <jdstrand> Also, there are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. 18:17:00 <jdstrand> [TOPIC] Miscellaneous and Questions 18:17:05 <jdstrand> Does anyone have any other questions or items to discuss? 18:23:37 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks! 18:23:39 <jdstrand> #endmeeting