18:01:39 <jdstrand> #startmeeting 18:01:39 <meetingology> Meeting started Mon Feb 11 18:01:39 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:01:39 <meetingology> 18:01:39 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:01:40 <jjohansen> \o 18:01:45 <jdstrand> The meeting agenda can be found at: 18:01:45 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:01:47 <jdstrand> [TOPIC] Announcements 18:02:05 <jdstrand> Stefan Bader (smb) provided debdiffs for oneiric-raring for xen 18:02:10 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for oneiric-quantal for firebird2.5 (LP: #1115902) 18:02:12 <ubottu> Launchpad bug 1115902 in firebird2.5 (Ubuntu Raring) "NULL Pointer Denial of Service Vulnerability" [Medium,Fix released] https://launchpad.net/bugs/1115902 18:02:14 <jdstrand> Malcolm Scott (malc) provided a debdiff for precise for cfingerd (LP: #1104425) 18:02:15 <ubottu> Launchpad bug 1104425 in cfingerd (Debian) "SECURITY: remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client" [Unknown,Fix committed] https://launchpad.net/bugs/1104425 18:02:30 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job and thanks! :) 18:02:39 <jdstrand> [TOPIC] Weekly stand-up report 18:02:42 <jdstrand> I'll go first 18:03:01 <jdstrand> I'm on community this week 18:03:20 <jdstrand> and patch piloting 18:03:47 <jdstrand> I've got openjdk that I am testing today and will most likely push tomorrow 18:04:04 <jdstrand> I've also got another pending update 18:04:28 <jdstrand> and quite a few meetings this week 18:04:48 <jdstrand> I'm not particularly hopeful, but if I have time, I look at the lxc mir 18:04:53 <jdstrand> mdeslaur: you're up 18:05:29 <mdeslaur> I'm in the happy place this week. I have a few updates pending which should go out tomorrow. 18:05:34 <mdeslaur> and am currently working on some more 18:05:53 <mdeslaur> the CVE list has gone up a bit, so I'll try and chainsaw my way through some of it this week. 18:06:16 <jdstrand> mdeslaur: fyi, I deferred nss for the time being 18:06:21 <mdeslaur> need to take a look at the work items also this weeks 18:06:27 <jdstrand> upstream is working on a fix, but nothing to do atm 18:06:31 <mdeslaur> jdstrand: cool, thanks 18:06:42 <mdeslaur> that's about it from me. sbeattie, you're next 18:06:55 <sbeattie> I'm once again focused on apparmor this week. 18:07:10 <sbeattie> Ever so gradually making progress on my work items related to that. 18:07:24 <sbeattie> That's pretty much it for me, tyhicks? 18:07:27 <mdeslaur> sbeattie: making any progress there? 18:07:36 <sbeattie> yeah, it's just slow. 18:07:55 <tyhicks> I have a short week 18:07:59 <mdeslaur> cool 18:08:00 <tyhicks> Off Thursday and Friday 18:08:15 <tyhicks> I should be focused on AppArmor primarily this week 18:08:32 <tyhicks> I want to make some changes to the dbus package in the dbus-dev PPA 18:09:03 <tyhicks> I still haven't uploaded my compiler warning fixes and I want to enable libaudit support now that audit is in main 18:09:05 <mdeslaur> do we have an eta on when we'll be pushing any of that to raring? 18:09:32 <tyhicks> jjohansen: Are you wanting to have the socket labeling work done firsT? 18:10:03 <jjohansen> tyhicks: before the apparmor bits hit main? Hrmm I think we should discuss that 18:10:37 <tyhicks> mdeslaur: That will be the biggest remaining chunk, I think, so we'll have to discuss a bit more 18:10:47 <mdeslaur> ok 18:11:18 <tyhicks> Then I'll try to get some work on in the kernel policy interface 18:11:25 <tyhicks> that's it for me 18:11:27 <tyhicks> jjohansen: you're up 18:12:54 <jjohansen> so I am working on apparmor again this week, I'll be continuing with the socket labeling work, and I have some fixes to the stacking exec path / label merging to do 18:12:54 <jjohansen> I'll also be getting together with tyhicks to look at the dbus bits to see what needs to be done before it is merged 18:13:34 <jjohansen> I think thats it from /me sarnold your up 18:13:48 <sarnold> I'm also on AppArmor duty this week, I'll be reviewing John's patches 18:14:06 <sarnold> his last patch flood was pretty steep :) so I expect it'll keep me occupied for a while 18:14:11 <sarnold> I'm also on triage this week 18:14:35 * jjohansen will give sarnold another flood of patches this week, just to make sure he is drowning 18:14:38 <sarnold> but the last two weeks look like they had more than their share of security problems :) so I'm hoping for a quiet week :) 18:14:47 <sarnold> jjohansen: woo :) 18:14:59 * sarnold <-- patchmonster nom nom nom 18:15:11 <jdstrand> :) 18:15:12 <mdeslaur> hehe 18:15:12 <sarnold> that's it for me, back to jdstrand 18:15:21 <jdstrand> [TOPIC] Highlighted packages 18:15:25 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:15:35 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:15:36 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/freeipa.html 18:15:39 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-jpgraph.html 18:15:42 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/zoneminder.html 18:15:45 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/obby.html 18:15:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsmi.html 18:15:56 <jdstrand> [TOPIC] Miscellaneous and Questions 18:16:01 <jdstrand> Does anyone have any other questions or items to discuss? 18:22:13 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks! 18:22:16 <jdstrand> #endmeeting