16:33 <mdeslaur> #startmeeting
16:33 <meetingology> Meeting started Mon Jun 3 16:33:08 2013 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:33 <meetingology>
16:33 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:33 <mdeslaur> chrisccoulson: wake up
16:33 <chrisccoulson> hi :)
16:33 <mdeslaur> The meeting agenda can be found at:
16:33 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <mdeslaur> [TOPIC] Announcements
16:33 <mdeslaur> Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for precise-raring for xmp (LP: #1182769)
16:33 <mdeslaur> Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for quantal for tomcat6 (LP: #1166649)
16:33 <mdeslaur> Thanks to Thomas Ward (teward) who provided debdiffs for precise-raring for nginx (LP: #1182586)
16:33 <mdeslaur> Thanks to Rohan Garg (rohangarg) who provided debdiffs for precise-raring for kde4libs (LP: #1178286)
16:33 <ubottu> Launchpad bug 1182769 in xmp (Ubuntu) "Buffer Overflow in MASI loader" [Undecided,Fix released] https://launchpad.net/bugs/1182769
16:33 <mdeslaur> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:33 <ubottu> Launchpad bug 1166649 in tomcat6 (Ubuntu Saucy) "Multiple open vulnerabilities in tomcat6 in quantal" [Undecided,Fix released] https://launchpad.net/bugs/1166649
16:33 <ubottu> Launchpad bug 1182586 in nginx (Ubuntu Raring) "CVE-2013-2070: nginx proxy_pass buffer overflow vulnerability" [Medium,Fix released] https://launchpad.net/bugs/1182586
16:33 <ubottu> Launchpad bug 1178286 in kdelibs "Security advisory from KDE upstream" [Medium,Fix released] https://launchpad.net/bugs/1178286
16:33 * mdeslaur slaps ubotty
16:34 <mdeslaur> [TOPIC] Weekly stand-up report
16:34 <mdeslaur> I'll go first
16:34 <mdeslaur> I'll be testing the zillion X updates this week
16:34 <mdeslaur> and that's about it
16:34 <mdeslaur> I'm on community too
16:34 <mdeslaur> sbeattie: you're up
16:34 <sbeattie> I'm focusing on apparmor stuff again this week
16:35 <sbeattie> Specifically https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-sdk
16:35 <sbeattie> I'm currently hacking on the aa-easyprof bits
16:35 <sbeattie> that's pretty much it for me.
16:35 <sbeattie> tyhicks: you're up
16:35 <tyhicks> I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus
16:36 <tyhicks> This week, I plan on having all of the work items done except for the items related to pushing everything to the archive
16:36 <tyhicks> There's also some minor cleanup and finishing touch type stuff that I'll end up doing to the dbus and apparmor patches
16:36 <tyhicks> That's it for me
16:36 <tyhicks> jjohansen: you're up
16:37 <jjohansen> I'm focused on apparmor stuff as well
16:38 <jjohansen> I'm still poking around for the correct bp so I'll just skip pasting that and say, it's the continuation of the ipc work
16:38 <mdeslaur> jjohansen: I have "signals and bits for IPC" and "extended conditionals" in last week's meeting log
16:38 <mdeslaur> jjohansen: is it a continuation of that?
16:39 <jjohansen> mdeslaur: yep
16:39 <mdeslaur> cool
16:40 <jjohansen> that and I'll get the latest patchset out for more review
16:40 <jjohansen> sarnold: you're up
16:40 <sarnold> I'm on triage this week
16:40 <sarnold> I'll also be poking at trying to unbreak the bouncycastle test suite, or steal portions of it, for QRT
16:41 <mdeslaur> sarnold: what's the status of your openssl updates?
16:41 <sarnold> I'm not sure why I've been met with such failure trying to use the test suite, but I presume it's partly my fault for not 100% grokking modern java
16:42 <sarnold> mdeslaur: at least saucy will need re-doing, I think there's a new version pushed into the archive in the meantime; I also need to ask your help in preparing updates for security-proposed or something to get testers first..
16:42 <sarnold> .. at least, I think I'd really rather have feedback from users before pushing it to everyone
16:42 <sarnold> granted, fedora's been using it for a few months, but perhaps their knowledge of what broke isn't logged in their bug report. :)
16:42 <mdeslaur> sarnold: is it in the PPA yet?
16:42 <sarnold> mdeslaur: no
16:43 <mdeslaur> sarnold: ok, please create a tracking bug, and make sure the bug # is in the changelog before uploading
16:43 <sarnold> mdeslaur: okay
16:43 <mdeslaur> sarnold: so people know where to go if there's an issue in -proposed
16:43 <sarnold> mdeslaur: do I then just upload to the usual ppa once that's done?
16:44 <mdeslaur> sarnold: yes, as -security, and then we'll get an AA to pocket-copy it to -proposed
16:44 <mdeslaur> (perhaps I can already do that, need to check)
16:44 <sarnold> mdeslaur: cool, thanks :)
16:44 <mdeslaur> sarnold: you done?
16:45 <sarnold> mdeslaur: how much time do you think I should spend on trying to revive the bouncy castle tests before writing a handful of much less comprehensive tests myself?
16:45 <mdeslaur> sarnold: half a day?
16:45 * mdeslaur shrugs
16:45 <sarnold> mdeslaur: cool, thanks. now done :)
16:45 <sarnold> chrisccoulson: you're up :)
16:46 <mdeslaur> chrisccoulson: dude, wake up
16:46 <sbeattie> mdeslaur: he's gotta finish his beer first.
16:47 <mdeslaur> ok, I'll mark down "web-y browser thingies"
16:48 <mdeslaur> [TOPIC] Highlighted packages
16:48 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
16:48 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/bip.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/openswan.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/exif.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/php-mail.html
16:48 <chrisccoulson> oops, sorry, was just finishing up dinner ;)
16:48 <mdeslaur> chrisccoulson: hrm, sorry about the meeting being so late for you
16:48 <chrisccoulson> that's ok
16:49 <mdeslaur> chrisccoulson: maybe we should get you to go first next time
16:49 <mdeslaur> chrisccoulson: what are you working on this week?
16:50 <chrisccoulson> this week, i'm still working on client-1303-webkit-maintenance. i've been fleshing out architecture diagrams for the last few days. hopefully they'll be in a good enough state for me to make public on google docs this week
16:50 <mdeslaur> cool
16:50 <chrisccoulson> and then we'll have a good idea of what work needs to happen :)
16:51 <mdeslaur> awesome
16:51 <mdeslaur> chrisccoulson: done?
16:52 <chrisccoulson> mdeslaur, yeah. there aren't any updates planned this week :)
16:52 <mdeslaur> oh, good
16:52 <mdeslaur> [TOPIC] Miscellaneous and Questions
16:52 <mdeslaur> Does anyone have any other questions or items to discuss?
16:53 <mdeslaur> Thanks everyone!
16:53 <mdeslaur> #endmeeting