16:34:24 <jdstrand> #startmeeting 16:34:24 <meetingology> Meeting started Mon May 6 16:34:24 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34:24 <meetingology> 16:34:24 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:34:30 <jdstrand> The meeting agenda can be found at: 16:34:31 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:34:34 <jdstrand> [TOPIC] Announcements 16:34:41 <jdstrand> Evan Broder (broder) provided a debdiff for lucid for libapache-mod-security (LP: #1169030) 16:34:43 <ubottu> Launchpad bug 1169030 in modsecurity-apache (Ubuntu) "CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack" [Undecided,Triaged] https://launchpad.net/bugs/1169030 16:34:45 <jdstrand> Scott Kitterman (ScottK) provided a debdiff for hardy for clamav and new package for saucy (LP: #1172981) 16:34:47 <ubottu> Launchpad bug 1172981 in clamav (Ubuntu Hardy) "clamav 0.97.8 security update" [Undecided,Fix released] https://launchpad.net/bugs/1172981 16:34:48 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:35:02 <jdstrand> [TOPIC] Weekly stand-up report 16:35:09 <jdstrand> I'll go first 16:35:34 <jdstrand> I'm in the happy place this week 16:35:51 <jdstrand> I've got openjdk-6 updates to finish testing and publish 16:36:24 <jdstrand> last week a very productive week, and I've got lots of notes to assimilate and things to follow-up on, so I'll be doing that quite a bit 16:36:38 <jdstrand> there is an embargoed issue I'm going to be looking at 16:37:12 <jdstrand> and patch piloting 16:37:23 <jdstrand> that's it from me. mdeslaur, you're up 16:37:28 <mdeslaur> I'm on triage this week 16:37:41 <mdeslaur> and I have a few updates in the sec ppa to test and hopefully release this week 16:37:54 <mdeslaur> that's it from me 16:37:56 <mdeslaur> sbeattie: you're up 16:38:07 <sbeattie> I'm working on apparmor stuff this week 16:38:55 <sbeattie> I'm currently finishing up a couple of carried over work items, the aa-easyprof templates for qml apps and html5 apps 16:39:51 <sbeattie> after that, I'll move on to modifying aa-easyprof to take a manifest file and emit policy 16:40:02 <sbeattie> That's pretty much it for me. 16:40:09 <sbeattie> tyhicks: you're up 16:40:35 <tyhicks> This week, I'm working on this blueprint: https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus-performance 16:40:44 <tyhicks> I finshed my carryover work item last week 16:40:56 <tyhicks> I'm wrapping up "adjust policy language to better match the network rule style and use more appropriate dbus keywords" 16:41:20 <tyhicks> then I'll move on to the performance testing work items 16:41:42 <tyhicks> then chat w/ jj to determine the best route forward to improve performance (if needed) and start on those changes 16:41:46 <tyhicks> that's it for me 16:41:48 <tyhicks> jjohansen: you're up 16:42:30 <jjohansen> hi I'm am working on https://blueprints.launchpad.net/ubuntu/+spec/appdev-s-appisolation-signals-ipc-ptrace 16:43:18 <jjohansen> and doing a little prep for tomorrows apparmor meeting 16:44:09 <jjohansen> sarnold: your up 16:44:20 <sarnold> I'm on community this week 16:44:46 <sarnold> I'll be doing some patch review for john, and if steve or tyler have anything ready, that'd be fun too :) 16:45:16 <tyhicks> I have some stuff that I can send up this week 16:45:54 <sarnold> I may also look over some seccomp patches for upstart, that sounds like a good wayto reduce attack surfaces overall, and some of our time on it would probably eb worthwhile 16:45:59 <sarnold> tyhicks: woot :) 16:46:33 <sarnold> I think that's it for me, and I don't see steakbot^Wchrisccoulson, so jdstrand, your turn 16:46:57 <jdstrand> yeah, it is a UK holiday 16:47:17 <jdstrand> [TOPIC] Highlighted packages 16:47:22 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47:26 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47:34 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/php-htmlpurifier.html 16:47:38 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mpack.html 16:47:40 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnash.html 16:47:44 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html 16:47:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libpoe-component-pubsub-perl.html 16:47:57 <jdstrand> [TOPIC] Miscellaneous and Questions 16:48:00 <jdstrand> Does anyone have any other questions or items to discuss? 16:54:03 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks! 16:54:05 <jdstrand> #endmeeting